Vulnerability CVE-2005-0918


Published: 2005-05-05   Modified: 2012-02-12

Description:
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Adobe -> Svg viewer 

 References:
http://www.hyperdose.com/advisories/H2005-07.txt
http://www.adobe.com/support/techdocs/323585.html
http://securitytracker.com/id?1013890
http://secunia.com/advisories/15255

Copyright 2024, cxsecurity.com

 

Back to Top