Vulnerability Description
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using JavaScript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | SVG Viewer | <= 3.02 |
| Microsoft | Internet Explorer | - |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/15255 (Broken Link, Vendor Advisory)
- http://securitytracker.com/id?1013890 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.adobe.com/support/techdocs/323585.html (Broken Link, Patch)
- http://www.hyperdose.com/advisories/H2005-07.txt (Broken Link, Exploit, Patch)
FAQ
What is CVE-2005-0918?
CVE-2005-0918 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src proper...
How severe is CVE-2005-0918?
CVE-2005-0918 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0918?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe SVG Viewer, Microsoft Internet Explorer.