{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "acrobat-reader-unspec-xss(55554)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55554"}, {"name": "38138", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38138"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"name": "RHSA-2010:0060", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"name": "37763", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37763"}, {"tags": ["x_refsource_MISC"], "url": "http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf"}, {"name": "ADV-2010-0103", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"name": "1023446", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1023446"}, {"name": "38215", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38215"}, {"name": "SUSE-SA:2010:008", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "TA10-013A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}, {"name": "oval:org.mitre.oval:def:8327", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327"}, {"tags": ["x_refsource_MISC"], "url": "http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2009-3956", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "acrobat-reader-unspec-xss(55554)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55554"}, {"name": "38138", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38138"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=554296", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"name": "RHSA-2010:0060", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"name": "37763", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37763"}, {"name": "http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf", "refsource": "MISC", "url": "http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf"}, {"name": "ADV-2010-0103", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"name": "1023446", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023446"}, {"name": "38215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38215"}, {"name": "SUSE-SA:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "TA10-013A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}, {"name": "oval:org.mitre.oval:def:8327", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327"}, {"name": "http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt", "refsource": "MISC", "url": "http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:45:50.854Z"}, "title": "CVE Program Container", "references": [{"name": "acrobat-reader-unspec-xss(55554)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55554"}, {"name": "38138", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38138"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"name": "RHSA-2010:0060", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"name": "37763", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37763"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf"}, {"name": "ADV-2010-0103", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"name": "1023446", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1023446"}, {"name": "38215", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38215"}, {"name": "SUSE-SA:2010:008", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "TA10-013A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}, {"name": "oval:org.mitre.oval:def:8327", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2009-3956", "datePublished": "2010-01-13T19:00:00", "dateReserved": "2009-11-16T00:00:00", "dateUpdated": "2024-08-07T06:45:50.854Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "C42D46A5-DB0B-48EF-8587-C2CEDAA14A4A", "versionEndIncluding": "9.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "465F9134-DD86-4F13-8C39-949BE6E7389A", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB041EDF-EFF8-4AA6-8D59-411975547534", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C05F6A5-0FB3-489B-9B8B-64C569C03D7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AABA4FE3-662B-4956-904D-45086E000890", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*", "matchCriteriaId": "998CD79C-458E-46A8-8261-1C40C53D9FA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*", "matchCriteriaId": "0155FB0B-7FAD-4388-96C8-A8543B4FDFD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "201F059D-33D1-4D9F-9C6F-FC8EB49E4735", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B025E795-5713-485E-8A15-EBE4451A1A46", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B453FA1D-0FE9-4324-9644-E167561926C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "FDEA946E-B6D2-463B-89D0-F2F37278089E", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "183B5940-2310-4D2E-99F0-9792A801A442", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F8BB13E-2732-4F9E-A588-EA1C00893C8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5FCDCBF-597B-439C-8D8B-2819FC70C567", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "440B890A-90E9-4456-B92A-856CD17F0C78", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "79BD9D8D-39DA-403E-915D-E1B6A46A6BAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8976A7DC-1314-4C4A-A7C5-AA789D2DAB9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "37854E7C-2166-48D7-AE8C-44C9468C38C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "FECFC942-4F04-420C-A9B4-AE0C0590317F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F81817F2-1E3A-4A52-88F1-6B614A2A1F0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFFFFF0D-A80F-4B67-BEE2-86868EF7AA37", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1DC97A87-2652-4AD6-8E10-419A9AC9C245", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3E1F71AE-3591-499E-B09F-AAC4E38F1CF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "2D75174C-EBF9-4117-9E66-80E847012853", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "69B0305A-51D3-4E09-B96C-54B0ED921DA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9762FE57-837B-4FFA-9813-AC038450EB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0055A38C-E421-40A1-8BC7-11856A20B8F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "758CC9EE-8929-405B-A845-83BAAECCB2AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "24A7CF98-27EC-406A-98E2-ACC1AAAF5C93", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC1BD70D-7A92-4309-A40C-9BD500997390", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9C17896-8895-4731-B77A-F488A94F0CBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "21AC1961-12F7-456F-9CE4-9AAF116CF141", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF9F1050-B6BE-4B99-882B-36D6E187304D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "26AE76F7-D7F6-4AF2-A5C6-708B5642C288", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "749FFB51-65D4-4A4B-95F3-742440276897", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C8665E53-EC1E-4B95-9064-2565BC12113E", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "24218FDA-F9DA-465A-B5D5-76A55C7EE04E", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2C5F1C5-85CD-47B9-897F-E51D6902AF72", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0E190FF-3EBC-44AB-8072-4D964E843E8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "6A624D44-C135-4ED3-9BA4-F4F8A044850B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B95C0A99-42E4-40A9-BF61-507E4E4DC052", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "3B9F55CC-3681-4A67-99D1-3F40447392D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AA53564-9ACD-4CFB-9AAC-A77440026A57", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7EC46E3-77B7-4455-B3E0-A45C6B69B3DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F475858-DCE2-4C93-A51A-04718DF17593", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "88687272-4CD0-42A2-B727-C322ABDE3549", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1E5C4FA4-3786-47AF-BD7D-8E75927EB3AA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7BDB18D-A53C-4252-B2ED-42E6F3609277", "versionEndIncluding": "9.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1C92642-7C8D-411A-8726-06A8A6483D65", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*", "matchCriteriaId": "3CBE2E6C-AF0E-4A77-9EB0-3593889BC676", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*", "matchCriteriaId": "4B5C5C14-383C-4630-858E-D40D6C32FD4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F509566A-6D4A-40C0-8A16-F8765C5DCAAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "707D7124-6063-4510-80B4-AD9675996F67", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*", "matchCriteriaId": "200FFAE3-CC1C-4A11-99AD-377D54A67195", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*", "matchCriteriaId": "8A990E86-07C0-49E2-92D6-55E499F30FAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "6AED985D-60D7-489E-9F1E-CE3C9D985B7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F0FCA2F-FD7F-4CE5-9D45-324A7EC45105", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "EF7EAA22-CED2-4379-9465-9562BACB1C20", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "35B1CA6B-600C-4E03-B4D5-3D7E1BC4D0F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F7AA1BA3-9FFA-46AB-A92A-7247D5F7EA06", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "3F5F7424-1E19-4078-8908-CD86A0185042", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F2402B40-6B72-48B5-A376-DA8D16CA43FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "0D968113-340A-4E5A-B4FD-D9702D49E3DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "ACF742B8-5F7A-487B-835C-756B1BB392F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B9351C2-16ED-4766-B417-8DB3A8766C2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "74667860-0047-40AD-9468-860591BA9D17", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "9628AFF9-6EE1-4E85-858F-AE96EE64B7F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E2D0266-6954-4DBA-9EEE-8BF73B39DD61", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "24262AFA-2EC8-479E-8922-36DB4243E404", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F1E62096-08B2-4722-A492-11E9A441E85B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C5370AC6-90EE-48EA-8DBD-54002B102F7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C36D10A8-D211-437D-98D8-9029D0A9CF8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BA55D00C-3629-48E4-8699-F62B8D703E02", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "623324C2-C8B5-4C3C-9C10-9677D5A6740A", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "634396D6-4ED6-4F4D-9458-396373489589", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A265869-EF58-428E-B8BB-30CABCBE0A83", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADB421CD-85DE-4495-93B7-46708449AE27", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "32049561-270C-4B18-9E96-EA0F66ACECAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5491D310-E1C0-4FCB-9DCA-97CA1F95D4BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "996EB48E-D2A8-49E4-915A-EBDE26A9FB94", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "97E20936-EE31-4CEB-A710-3165A28BAD69", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5BEA847-A71E-4336-AB67-B3C38847C1C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "39F6994B-6969-485B-9286-2592B11A47BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC533775-B52E-43F0-BF19-1473BE36232D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "18D1C85E-42CC-46F2-A7B6-DAC3C3995330", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C4670451-511E-496C-A78A-887366E1E992", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "562772F1-1627-438E-A6B8-7D1AA5536086", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "27D5AF92-A8E1-41BD-B20A-EB26BB6AD4DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F25C9167-C6D4-4264-9197-50878EDA2D96", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD1D7308-09E9-42B2-8836-DC2326C62A9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B5C251D2-4C9B-4029-8BED-0FCAED3B8E89", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}, {"criteria": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7A7C398-5356-45D6-AA5C-53E63BC88DCA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, no soporta adecuadamente la funcionalidad Enhanced Security, que tiene un impacto y vectores de ataque desconocidos relacionados con \"una vulnerabilidad de inyecci\u00f3n de secuencias de comandos\"."}], "evaluatorComment": "Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\r\n\r\na script injection vulnerability by changing the Enhanced Security default (CVE-2009-3956).", "evaluatorImpact": "Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\r\n\r\nAffected software versions\r\n\r\nAdobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX\r\nAdobe Acrobat 9.2 and earlier versions for Windows and Macintosh", "id": "CVE-2009-3956", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-01-13T19:30:00.513", "references": [{"source": "psirt@adobe.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"source": "psirt@adobe.com", "url": "http://secunia.com/advisories/38138"}, {"source": "psirt@adobe.com", "url": "http://secunia.com/advisories/38215"}, {"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"source": "psirt@adobe.com", "url": "http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt"}, {"source": "psirt@adobe.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"source": "psirt@adobe.com", "url": "http://www.securityfocus.com/bid/37763"}, {"source": "psirt@adobe.com", "url": "http://www.securitytracker.com/id?1023446"}, {"source": "psirt@adobe.com", "url": "http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf"}, {"source": "psirt@adobe.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}, {"source": "psirt@adobe.com", "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"source": "psirt@adobe.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"}, {"source": "psirt@adobe.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55554"}, {"source": "psirt@adobe.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38215"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1023446"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55554"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0060", "cpe": "cpe:/a:redhat:rhel_extras:3", "package": "acroread-0:9.3-3", "product_name": "Extras for RHEL 3", "release_date": "2010-01-20T00:00:00Z"}, {"advisory": "RHSA-2010:0038", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "acroread-0:9.3-1.el4", "product_name": "Extras for RHEL 4", "release_date": "2010-01-13T00:00:00Z"}, {"advisory": "RHSA-2010:0037", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "acroread-0:9.3-1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2010-01-13T00:00:00Z"}], "bugzilla": {"description": "acroread: script injection vulnerability (APSB10-02)", "id": "554296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers."], "name": "CVE-2009-3956", "public_date": "2010-01-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-3956\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-3956"], "threat_severity": "Moderate"}

{}