CVE-2005-1306

HIGH

Adobe Reader/Acrobat <7.0.1 - Info Disclosure

Title source: llm

Description

The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sverre H. Huseby · xmlremotewindows

https://www.exploit-db.com/exploits/25822

View Code ZIP pw:eip

References (2)

[Broken Link, Patch, Vendor Advisory] http://www.adobe.com/support/techdocs/331710.html

[Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/13962

Scores

CVSS v3 7.5

EPSS 0.1606

EPSS Percentile 94.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-611

Status published

Products (4)

adobe/acrobat 7.0

adobe/acrobat 7.0.1

adobe/acrobat_reader 7.0

adobe/acrobat_reader 7.0.1

Published Jun 15, 2005

Tracked Since Feb 18, 2026