The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
References
Link | Resource |
---|---|
http://secunia.com/advisories/15255 | Broken Link Vendor Advisory |
http://securitytracker.com/id?1013890 | Broken Link Third Party Advisory VDB Entry |
http://www.adobe.com/support/techdocs/323585.html | Broken Link Patch |
http://www.hyperdose.com/advisories/H2005-07.txt | Broken Link Exploit Patch |
http://secunia.com/advisories/15255 | Broken Link Vendor Advisory |
http://securitytracker.com/id?1013890 | Broken Link Third Party Advisory VDB Entry |
http://www.adobe.com/support/techdocs/323585.html | Broken Link Patch |
http://www.hyperdose.com/advisories/H2005-07.txt | Broken Link Exploit Patch |
Configurations
Configuration 1 (hide)
AND |
|
History
20 Nov 2024, 23:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/15255 - Broken Link, Vendor Advisory | |
References | () http://securitytracker.com/id?1013890 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.adobe.com/support/techdocs/323585.html - Broken Link, Patch | |
References | () http://www.hyperdose.com/advisories/H2005-07.txt - Broken Link, Exploit, Patch |
15 Feb 2024, 15:19
Type | Values Removed | Values Added |
---|---|---|
References | (SECUNIA) http://secunia.com/advisories/15255 - Broken Link, Vendor Advisory | |
References | (MISC) http://www.hyperdose.com/advisories/H2005-07.txt - Broken Link, Exploit, Patch | |
References | (SECTRACK) http://securitytracker.com/id?1013890 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://www.adobe.com/support/techdocs/323585.html - Broken Link, Patch | |
First Time |
Microsoft
Microsoft internet Explorer |
|
CPE | cpe:2.3:a:adobe:svg_viewer:2.0:*:*:*:*:*:*:* cpe:2.3:a:adobe:svg_viewer:3.0:*:*:*:*:*:*:* cpe:2.3:a:adobe:svg_viewer:1.0:*:*:*:*:*:*:* cpe:2.3:a:adobe:svg_viewer:3.01:*:*:*:*:*:*:* |
cpe:2.3:a:adobe:svg_viewer:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:* |
CWE | CWE-203 |
Information
Published : 2005-05-05 04:00
Updated : 2024-11-20 23:56
NVD link : CVE-2005-0918
Mitre link : CVE-2005-0918
CVE.ORG link : CVE-2005-0918
JSON object : View
Products Affected
adobe
- svg_viewer
microsoft
- internet_explorer
CWE
CWE-203
Observable Discrepancy