The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
References
Link | Resource |
---|---|
http://secunia.com/advisories/15255 | Broken Link Vendor Advisory |
http://securitytracker.com/id?1013890 | Broken Link Third Party Advisory VDB Entry |
http://www.adobe.com/support/techdocs/323585.html | Broken Link Patch |
http://www.hyperdose.com/advisories/H2005-07.txt | Broken Link Exploit Patch |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-05-05T04:00:00
Updated: 2005-05-11T09:00:00
Reserved: 2005-03-29T00:00:00
Link: CVE-2005-0918
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-05-05T04:00:00.000
Modified: 2024-02-15T15:19:52.240
Link: CVE-2005-0918
JSON object: View
Redhat Information
No data.
CWE