VULHUB ™

The Adobe SVG Viewer (ASV) alert() method is prone to a vulnerability that could permit script code to be executed in the context of a foreign domain or another Security Zone (in the case of the viewer being included as a plug-in for Internet Explorer). This could permit malicious script code to access the properties of foreign domains or to execute with the relaxed security restrictions associated with other browser Security Zones. Potential attacks include theft of cookie-based authentication credentials from foreign domains, as well as controlling how sites are rendered to users. Executing malicious script in other Security Zones, such as My Computer, poses a more serious risk as it may facilitate attacks which allow local files to be read or written to and execution of arbitrary code. The attack vectors may vary depending on whether the viewer is operating on its own or used as a plug-in for Internet Explorer (or other browsers). ASV 3.0 and prior are reported to be prone to...

The Adobe SVG Viewer (ASV) alert() method is prone to a vulnerability that could permit script code to be executed in the context of a foreign domain or another Security Zone (in the case of the viewer being included as a plug-in for Internet Explorer). This could permit malicious script code to access the properties of foreign domains or to execute with the relaxed security restrictions associated with other browser Security Zones. Potential attacks include theft of cookie-based authentication credentials from foreign domains, as well as controlling how sites are rendered to users. Executing malicious script in other Security Zones, such as My Computer, poses a more serious risk as it may facilitate attacks which allow local files to be read or written to and execution of arbitrary code. The attack vectors may vary depending on whether the viewer is operating on its own or used as a plug-in for Internet Explorer (or other browsers). ASV 3.0 and prior are reported to be prone to this vulnerability.