From 22d1dafaeef8883a46ab7b3569512aa401f4b757 Mon Sep 17 00:00:00 2001 From: Hiroki Sato Date: Sat, 18 Jun 2005 16:54:40 +0000 Subject: [PATCH] Document acroread -- XML External Entity vulnerability. --- security/vuxml/vuln.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d7824de7545d..4902898688da 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,35 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + acroread -- XML External Entity vulnerability + + + acroread7 + ja-acroread + 7.0.07.0.2 + + + + +

Sverre H. Huseby discovered a vulnerability in Adobe Acrobat + and Adobe Reader. + Under certain circumstances, using XML scripts it is possible + to discover the existence of local files.

+ +
+ + CAN-2005-1306 + http://shh.thathost.com/secadv/adobexxe/ + http://www.adobe.com/support/techdocs/331710.html + http://support.adobe.co.jp/faq/faq/qadoc.sv?226360+002+3 + + + 2005-06-15 + 2005-06-18 + +
+ gzip -- directory traversal and permission race vulnerabilities