[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3956Date: (C)2010-01-13   (M)2024-02-22


The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1023446
BID-37763
SECUNIA-38138
SECUNIA-38215
ADV-2010-0103
RHSA-2010:0060
SUSE-SA:2010:008
TA10-013A
acrobat-reader-unspec-xss(55554)
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt
http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=554296
oval:org.mitre.oval:def:8327

CPE    94
cpe:/a:adobe:acrobat_reader:3.02
cpe:/a:adobe:acrobat_reader:6.0
cpe:/a:adobe:acrobat_reader:6.0.2
cpe:/a:adobe:acrobat_reader:3.01
...
CWE    1
CWE-16
OVAL    5
oval:org.secpod.oval:def:5333
oval:org.secpod.oval:def:9998
oval:org.secpod.oval:def:5329
oval:org.mitre.oval:def:8327
...

© SecPod Technologies