A weakness has been reported in Adobe SVG Viewer, which can be exploited by malicious people to enumerate files on a user's system.
An error in the ActiveX control (NPSVG3.dll) makes it possible for malicious web pages to determine whether or not a particular file exists on a user's system by specified the particular file in the "src" property.
The weakness affects versions 3.02 and prior.
NOTE: A not previously published highly critical error in libpng can potentially be exploited to execute arbitrary code on a user's system via a specially crafted PNG image affects Adobe SVG viewer version 3.0.1 and prior. This vulnerability was fixed in version 3.0.2.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Adobe SVG Viewer Local File Detection Weakness