Adobe SVG Viewer Local File Detection and libpng Vulnerability
SECUNIA ADVISORY ID:
Exposure of system information, System access
Adobe SVG Viewer 3.x
A vulnerability and a weakness have been reported in Adobe SVG
Viewer, which can be exploited by malicious people to enumerate files
on a user's system or potentially compromise it.
1) An error in the ActiveX control (NPSVG3.dll) makes it possible for
malicious web pages to determine whether or not a particular file
exists on a user's system by specified the particular file in the
The weakness affects versions 3.02 and prior.
2) An error in libpng can potentially be exploited to execute
arbitrary code on a user's system via a specially crafted PNG image.
For more information:
The vulnerability affects version 3.01 and prior.
Update to version 3.03.
PROVIDED AND/OR DISCOVERED BY:
1) Robert Fly, Hyperdose Security.
Your favorite shows are back!
Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!