CVE-2009-3956

N/A Unknown

Published: January 13, 2010 Modified: April 23, 2026

Description

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

Source: psirt@adobe.com

http://secunia.com/advisories/38138

Source: psirt@adobe.com

http://secunia.com/advisories/38215

Source: psirt@adobe.com

http://www.adobe.com/support/security/bulletins/apsb10-02.html

Source: psirt@adobe.com

Patch Vendor Advisory

http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt

Source: psirt@adobe.com

http://www.redhat.com/support/errata/RHSA-2010-0060.html

Source: psirt@adobe.com

http://www.securityfocus.com/bid/37763

Source: psirt@adobe.com

http://www.securitytracker.com/id?1023446

Source: psirt@adobe.com

http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf

Source: psirt@adobe.com

http://www.us-cert.gov/cas/techalerts/TA10-013A.html

Source: psirt@adobe.com

US Government Resource

http://www.vupen.com/english/advisories/2010/0103

Source: psirt@adobe.com

https://bugzilla.redhat.com/show_bug.cgi?id=554296

Source: psirt@adobe.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/55554

Source: psirt@adobe.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327

Source: psirt@adobe.com

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/38138

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/38215

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.adobe.com/support/security/bulletins/apsb10-02.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2010-0060.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/37763

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1023446

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA10-013A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2010/0103

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=554296

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/55554

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327

Source: af854a3a-2127-422b-91ae-364da2661108

28 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

5.1%

90th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-16

Affected Vendors

unix apple microsoft adobe

Related CVEs

CVE-2026-7024 5.4

CVE-2026-7023 6.3

CVE-2026-7022 7.3

CVE-2026-7021 3.5

CVE-2026-7020 5.6