CVE-2005-0918

The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
References
Link Resource
http://secunia.com/advisories/15255 Broken Link Vendor Advisory
http://securitytracker.com/id?1013890 Broken Link Third Party Advisory VDB Entry
http://www.adobe.com/support/techdocs/323585.html Broken Link Patch
http://www.hyperdose.com/advisories/H2005-07.txt Broken Link Exploit Patch
http://secunia.com/advisories/15255 Broken Link Vendor Advisory
http://securitytracker.com/id?1013890 Broken Link Third Party Advisory VDB Entry
http://www.adobe.com/support/techdocs/323585.html Broken Link Patch
http://www.hyperdose.com/advisories/H2005-07.txt Broken Link Exploit Patch
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:adobe:svg_viewer:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*

History

20 Nov 2024, 23:56

Type Values Removed Values Added
References () http://secunia.com/advisories/15255 - Broken Link, Vendor Advisory () http://secunia.com/advisories/15255 - Broken Link, Vendor Advisory
References () http://securitytracker.com/id?1013890 - Broken Link, Third Party Advisory, VDB Entry () http://securitytracker.com/id?1013890 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.adobe.com/support/techdocs/323585.html - Broken Link, Patch () http://www.adobe.com/support/techdocs/323585.html - Broken Link, Patch
References () http://www.hyperdose.com/advisories/H2005-07.txt - Broken Link, Exploit, Patch () http://www.hyperdose.com/advisories/H2005-07.txt - Broken Link, Exploit, Patch

15 Feb 2024, 15:19

Type Values Removed Values Added
References (SECUNIA) http://secunia.com/advisories/15255 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/15255 - Broken Link, Vendor Advisory
References (MISC) http://www.hyperdose.com/advisories/H2005-07.txt - Exploit, Patch (MISC) http://www.hyperdose.com/advisories/H2005-07.txt - Broken Link, Exploit, Patch
References (SECTRACK) http://securitytracker.com/id?1013890 - (SECTRACK) http://securitytracker.com/id?1013890 - Broken Link, Third Party Advisory, VDB Entry
References (CONFIRM) http://www.adobe.com/support/techdocs/323585.html - Patch (CONFIRM) http://www.adobe.com/support/techdocs/323585.html - Broken Link, Patch
First Time Microsoft
Microsoft internet Explorer
CPE cpe:2.3:a:adobe:svg_viewer:3.02:*:*:*:*:*:*:*
cpe:2.3:a:adobe:svg_viewer:2.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:svg_viewer:3.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:svg_viewer:1.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:svg_viewer:3.01:*:*:*:*:*:*:*
cpe:2.3:a:adobe:svg_viewer:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*
CWE NVD-CWE-Other CWE-203

Information

Published : 2005-05-05 04:00

Updated : 2024-11-20 23:56


NVD link : CVE-2005-0918

Mitre link : CVE-2005-0918

CVE.ORG link : CVE-2005-0918


JSON object : View

Products Affected

adobe

  • svg_viewer

microsoft

  • internet_explorer
CWE
CWE-203

Observable Discrepancy