ByteOS Network

NVD Vulnerability Details :

CVE-2009-3956

Modified

Source-psirt@adobe.com

Published At-13 Jan, 2010 | 19:30

Updated At-23 Apr, 2026 | 00:35

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html	psirt@adobe.com	N/A
http://secunia.com/advisories/38138	psirt@adobe.com	N/A
http://secunia.com/advisories/38215	psirt@adobe.com	N/A
http://www.adobe.com/support/security/bulletins/apsb10-02.html	psirt@adobe.com	Patch Vendor Advisory
http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt	psirt@adobe.com	N/A
http://www.redhat.com/support/errata/RHSA-2010-0060.html	psirt@adobe.com	N/A
http://www.securityfocus.com/bid/37763	psirt@adobe.com	N/A
http://www.securitytracker.com/id?1023446	psirt@adobe.com	N/A
http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf	psirt@adobe.com	N/A
http://www.us-cert.gov/cas/techalerts/TA10-013A.html	psirt@adobe.com	US Government Resource
http://www.vupen.com/english/advisories/2010/0103	psirt@adobe.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=554296	psirt@adobe.com	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/55554	psirt@adobe.com	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327	psirt@adobe.com	N/A
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/38138	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/38215	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.adobe.com/support/security/bulletins/apsb10-02.html	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2010-0060.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/37763	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id?1023446	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.us-cert.gov/cas/techalerts/TA10-013A.html	af854a3a-2127-422b-91ae-364da2661108	US Government Resource
http://www.vupen.com/english/advisories/2010/0103	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=554296	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/55554	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History