CVE-2009-3956

EUVD-2009-3927
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
𝑥
≤ 9.2
adobeacrobat
3.0
adobeacrobat
3.1
adobeacrobat
4.0
adobeacrobat
4.0.5
adobeacrobat
4.0.5a:a
adobeacrobat
4.0.5c:c
adobeacrobat
5.0
adobeacrobat
5.0.5
adobeacrobat
5.0.6
adobeacrobat
5.0.10
adobeacrobat
6.0
adobeacrobat
6.0.1
adobeacrobat
6.0.2
adobeacrobat
6.0.3
adobeacrobat
6.0.4
adobeacrobat
6.0.5
adobeacrobat
6.0.6
adobeacrobat
7.0
adobeacrobat
7.0.1
adobeacrobat
7.0.2
adobeacrobat
7.0.3
adobeacrobat
7.0.4
adobeacrobat
7.0.5
adobeacrobat
7.0.6
adobeacrobat
7.0.7
adobeacrobat
7.0.8
adobeacrobat
7.0.9
adobeacrobat
7.1.0
adobeacrobat
7.1.1
adobeacrobat
7.1.2
adobeacrobat
7.1.3
adobeacrobat
7.1.4
adobeacrobat
8.0
adobeacrobat
8.1
adobeacrobat
8.1.1
adobeacrobat
8.1.2
adobeacrobat
8.1.3
adobeacrobat
8.1.4
adobeacrobat
8.1.5
adobeacrobat
8.1.6
adobeacrobat
8.1.7
adobeacrobat
9.0
adobeacrobat
9.1
adobeacrobat
9.1.1
adobeacrobat
9.1.2
adobeacrobat
9.1.3
adobeacrobat_reader
𝑥
≤ 9.2
adobeacrobat_reader
3.0
adobeacrobat_reader
3.01
adobeacrobat_reader
3.02
adobeacrobat_reader
4.0
adobeacrobat_reader
4.0.5
adobeacrobat_reader
4.0.5a:a
adobeacrobat_reader
4.0.5c:c
adobeacrobat_reader
4.5
adobeacrobat_reader
5.0
adobeacrobat_reader
5.0.5
adobeacrobat_reader
5.0.6
adobeacrobat_reader
5.0.7
adobeacrobat_reader
5.0.9
adobeacrobat_reader
5.0.10
adobeacrobat_reader
5.0.11
adobeacrobat_reader
5.1
adobeacrobat_reader
6.0
adobeacrobat_reader
6.0.1
adobeacrobat_reader
6.0.2
adobeacrobat_reader
6.0.3
adobeacrobat_reader
6.0.4
adobeacrobat_reader
6.0.5
adobeacrobat_reader
7.0
adobeacrobat_reader
7.0.1
adobeacrobat_reader
7.0.2
adobeacrobat_reader
7.0.3
adobeacrobat_reader
7.0.4
adobeacrobat_reader
7.0.5
adobeacrobat_reader
7.0.6
adobeacrobat_reader
7.0.7
adobeacrobat_reader
7.0.8
adobeacrobat_reader
7.0.9
adobeacrobat_reader
7.1.0
adobeacrobat_reader
7.1.1
adobeacrobat_reader
7.1.2
adobeacrobat_reader
7.1.3
adobeacrobat_reader
8.0
adobeacrobat_reader
8.1
adobeacrobat_reader
8.1.1
adobeacrobat_reader
8.1.2
adobeacrobat_reader
8.1.4
adobeacrobat_reader
8.1.5
adobeacrobat_reader
8.1.6
adobeacrobat_reader
8.1.7
adobeacrobat_reader
9.0
adobeacrobat_reader
9.1
adobeacrobat_reader
9.1.1
adobeacrobat_reader
9.1.2
adobeacrobat_reader
9.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://secunia.com/advisories/38138
http://secunia.com/advisories/38215
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.securityfocus.com/bid/37763
http://www.securitytracker.com/id?1023446
http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.vupen.com/english/advisories/2010/0103
https://bugzilla.redhat.com/show_bug.cgi?id=554296
https://exchange.xforce.ibmcloud.com/vulnerabilities/55554
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://secunia.com/advisories/38138
http://secunia.com/advisories/38215
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.securityfocus.com/bid/37763
http://www.securitytracker.com/id?1023446
http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.vupen.com/english/advisories/2010/0103
https://bugzilla.redhat.com/show_bug.cgi?id=554296
https://exchange.xforce.ibmcloud.com/vulnerabilities/55554
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327