10
CVE-2009-3956
- EPSS 7.73%
- Veröffentlicht 13.01.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:42
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.73% | 0.939 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://secunia.com/advisories/38138
http://secunia.com/advisories/38215
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.vupen.com/english/advisories/2010/0103
http://www.securitytracker.com/id?1023446
http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt
http://www.securityfocus.com/bid/37763
http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=554296
https://exchange.xforce.ibmcloud.com/vulnerabilities/55554
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327