ID CVE-2005-1306
Summary The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-09-2008 - 20:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 13962
confirm http://www.adobe.com/support/techdocs/331710.html
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. Adobe told us this issue did not affect the Linux version of Adobe Reader.
Last major update 05-09-2008 - 20:48
Published 15-06-2005 - 04:00
Last modified 05-09-2008 - 20:48
Back to Top