CVE-2009-3956

Published: 13/01/2010 Updated: 30/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The default configuration of Adobe Reader and Acrobat 9.x prior to 9.3, and 8.x prior to 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

Vulnerable Product

adobe acrobat 9.1.3

adobe acrobat 9.1.2

adobe acrobat 8.1.3

adobe acrobat 8.1.2

adobe acrobat 7.1.1

adobe acrobat 7.1.0

adobe acrobat 7.0.3

adobe acrobat 7.0.2

adobe acrobat 6.0.1

adobe acrobat 6.0

adobe acrobat 4.0.5

adobe acrobat 4.0

adobe acrobat

adobe acrobat 8.1.5

adobe acrobat 8.1.4

adobe acrobat 7.1.3

adobe acrobat 7.1.2

adobe acrobat 7.0.5

adobe acrobat 7.0.4

adobe acrobat 6.0.3

adobe acrobat 6.0.2

adobe acrobat 4.0.5c

adobe acrobat 4.0.5a

adobe acrobat 9.1.1

adobe acrobat 9.1

adobe acrobat 8.1.1

adobe acrobat 8.1

adobe acrobat 7.0.9

adobe acrobat 7.0.8

adobe acrobat 7.0.1

adobe acrobat 7.0

adobe acrobat 6.0.6

adobe acrobat 5.0.6

adobe acrobat 5.0.5

adobe acrobat 3.1

adobe acrobat 3.0

adobe acrobat 9.0

adobe acrobat 8.1.7

adobe acrobat 8.1.6

adobe acrobat 8.0

adobe acrobat 7.1.4

adobe acrobat 7.0.7

adobe acrobat 7.0.6

adobe acrobat 6.0.5

adobe acrobat 6.0.4

adobe acrobat 5.0.10

adobe acrobat 5.0

adobe acrobat_reader

adobe acrobat_reader 9.1.3

adobe acrobat_reader 8.1.5

adobe acrobat_reader 8.1.4

adobe acrobat_reader 7.0.8

adobe acrobat_reader 7.0.7

adobe acrobat_reader 7.1.1

adobe acrobat_reader 7.1.3

adobe acrobat_reader 6.0

adobe acrobat_reader 5.1

adobe acrobat_reader 5.0

adobe acrobat_reader 4.5

adobe acrobat_reader 9.1.2

adobe acrobat_reader 9.1.1

adobe acrobat_reader 8.1.2

adobe acrobat_reader 8.1.1

adobe acrobat_reader 7.0.6

adobe acrobat_reader 7.0.5

adobe acrobat_reader 7.1.2

adobe acrobat_reader 6.0.5

adobe acrobat_reader 5.0.9

adobe acrobat_reader 5.0.7

adobe acrobat_reader 4.0.5c

adobe acrobat_reader 4.0.5a

adobe acrobat_reader 8.1.7

adobe acrobat_reader 8.1.6

adobe acrobat_reader 7.1.0

adobe acrobat_reader 7.0.9

adobe acrobat_reader 7.0.2

adobe acrobat_reader 7.0.1

adobe acrobat_reader 7.0

adobe acrobat_reader 6.0.2

adobe acrobat_reader 6.0.1

adobe acrobat_reader 5.0.11

adobe acrobat_reader 5.0.10

adobe acrobat_reader 3.02

adobe acrobat_reader 3.01

adobe acrobat_reader 3.0

adobe acrobat_reader 9.1

adobe acrobat_reader 9.0

adobe acrobat_reader 8.1

adobe acrobat_reader 8.0

adobe acrobat_reader 7.0.4

adobe acrobat_reader 7.0.3

adobe acrobat_reader 6.0.4

adobe acrobat_reader 6.0.3

adobe acrobat_reader 5.0.6

adobe acrobat_reader 5.0.5

adobe acrobat_reader 4.0.5

adobe acrobat_reader 4.0

Vendor Advisories

Synopsis Critical: acroread security and bug fix update Type/Severity Security Advisory: Critical Topic Updated acroread packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by th ...
Synopsis Critical: acroread security update Type/Severity Security Advisory: Critical Topic Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team ...
Synopsis Critical: acroread security update Type/Severity Security Advisory: Critical Topic The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras contain security flaws and should not be used. This update has been rated as having critical security impact by the Red Hat Security Response Team ...

Exploits

A vulnerability exists within the Forms Data Format (FDF) built into Adobe Acrobat Reader which allows an attacker to inject JavaScript into a Portable Document Format (PDF) file from any domain on the internet. Successful exploitation of this issue results in the potential disclosure of sensitive information or other cross-domain attacks including ...