CVE-2005-0918

Sažetak

The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.

Reference

http://secunia.com/advisories/15255
http://securitytracker.com/id?1013890
http://www.adobe.com/support/techdocs/323585.html
http://www.hyperdose.com/advisories/H2005-07.txt

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

15-02-2024 - 15:19

Objavljeno

05-05-2005 - 04:00