7.5

CVE-2005-1306

Exploit
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat Version7.0
AdobeAcrobat Version7.0.1
AdobeAcrobat Reader Version7.0
AdobeAcrobat Reader Version7.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.53% 0.962
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://www.adobe.com/support/techdocs/331710.html
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/13962
Patch
Third Party Advisory
Vendor Advisory
Exploit
Broken Link
VDB Entry