- Description
- The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-611
- Hype score
- Not currently trending
- Red HatNot vulnerable. Adobe told us this issue did not affect the Linux version of Adobe Reader.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FECFC942-4F04-420C-A9B4-AE0C0590317F"
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F81817F2-1E3A-4A52-88F1-6B614A2A1F0A"
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E2D0266-6954-4DBA-9EEE-8BF73B39DD61"
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24262AFA-2EC8-479E-8922-36DB4243E404"
}
],
"operator": "OR"
}
]
}
]