CVE-2009-3956

Sažetak

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

Reference

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://secunia.com/advisories/38138
http://secunia.com/advisories/38215
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.securityfocus.com/bid/37763
http://www.securitytracker.com/id?1023446
http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.vupen.com/english/advisories/2010/0103
https://bugzilla.redhat.com/show_bug.cgi?id=554296
https://exchange.xforce.ibmcloud.com/vulnerabilities/55554
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-10-2018 - 16:25

Objavljeno

13-01-2010 - 19:30