CVE-2005-0918

Name of the Vulnerable Software and Affected Versions Adobe SVG Viewer versions 3.02 and earlier

Description The issue allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.

Recommendations For Adobe SVG Viewer versions 3.02 and earlier, consider disabling the NPSVG3.dll ActiveX control as a temporary workaround until a patch is available. Restrict access to the src property in the ActiveX control to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.