CVE-2005-1306

HIGH

Adobe Reader/Acrobat <7.0.1 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1306. PoCs published by Sverre H. Huseby.

AI-analyzed exploit summary This exploit leverages an XML External Entity (XXE) injection vulnerability in Adobe Acrobat and Adobe Reader to disclose the contents of arbitrary files on the target system. The provided XML payload attempts to read the 'c:/boot.ini' file, demonstrating the information disclosure capability.

Description

The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sverre H. Huseby · xmlremotewindows
https://www.exploit-db.com/exploits/25822

This exploit leverages an XML External Entity (XXE) injection vulnerability in Adobe Acrobat and Adobe Reader to disclose the contents of arbitrary files on the target system. The provided XML payload attempts to read the 'c:/boot.ini' file, demonstrating the information disclosure capability.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Adobe Acrobat and Adobe Reader (versions affected by CVE-2005-1306)
No auth needed
Prerequisites: Target system must have Adobe Acrobat or Adobe Reader installed and vulnerable to CVE-2005-1306 · Attacker must be able to deliver the malicious XML file to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13962
Broken Link, Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/techdocs/331710.html

Scores

CVSS v3 7.5
EPSS 0.1453
EPSS Percentile 96.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-611
Status published
Products (4)
adobe/acrobat 7.0
adobe/acrobat 7.0.1
adobe/acrobat_reader 7.0
adobe/acrobat_reader 7.0.1
Published Jun 15, 2005
Tracked Since Feb 18, 2026