Описание
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
Ссылки
- Broken LinkVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkPatch
- Broken LinkExploitPatch
- Broken LinkVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkPatch
- Broken LinkExploitPatch
Уязвимые конфигурации
Конфигурация 1Версия до 3.02 (включая)
Одновременно
cpe:2.3:a:adobe:svg_viewer:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01645
Низкий
5 Medium
CVSS2
Дефекты
CWE-203
Связанные уязвимости
github
почти 4 года назад
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
EPSS
Процентиль: 82%
0.01645
Низкий
5 Medium
CVSS2
Дефекты
CWE-203