CVE-2005-0918
Adobe SVG Viewer < 3.02 - File Existence Disclosure via NPSVG3.dll ActiveX Control
Title source: llmDescription
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
References (4)
Core 4
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013890
Broken Link, Patch x_refsource_confirm
http://www.adobe.com/support/techdocs/323585.html
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15255
Broken Link, Exploit, Patch x_refsource_misc
http://www.hyperdose.com/advisories/H2005-07.txt
Scores
EPSS
0.0236
EPSS Percentile
81.6%
Details
CWE
CWE-203
Status
published
Products (1)
adobe/svg_viewer
< 3.02
Published
May 05, 2005
Tracked Since
Feb 18, 2026