CVE-2005-1306

The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."

Published: Jun 15, 2005
Updated: May 9, 2024
CVE: CVE-2005-1306
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
adobe / acrobat_reader	7.0.1	7.0.1.x
adobe / acrobat_reader	7.0	7.0.x
adobe / acrobat	7.0.1	7.0.1.x
adobe / acrobat	7.0	7.0.x

http://www.adobe.com/support/techdocs/331710.html
http://www.securityfocus.com/bid/13962

Vulnerability Database

289,599

CVE-2005-1306