5
CVE-2005-0918
- EPSS 2.36%
- Veröffentlicht 05.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:12:02
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Svg Viewer Version <= 3.02
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.36% | 0.816 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-203 Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
http://secunia.com/advisories/15255
http://securitytracker.com/id?1013890
http://www.adobe.com/support/techdocs/323585.html
http://www.hyperdose.com/advisories/H2005-07.txt