CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-3956

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0990%
EPSS Percentile32.76th
Published2010年1月13日
Last Modified2026年4月23日

Vulnerability Description

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

Affected Platforms (CPE)

📦
Adobe

Acrobat

<= 9.2
📦
Adobe

Acrobat

= 3.0
📦
Adobe

Acrobat

= 3.1
📦
Adobe

Acrobat

= 4.0
📦
Adobe

Acrobat

= 4.0.5
📦
Adobe

Acrobat

= 4.0.5a
📦
Adobe

Acrobat

= 4.0.5c
📦
Adobe

Acrobat

= 5.0
📦
Adobe

Acrobat

= 5.0.5
📦
Adobe

Acrobat

= 5.0.6
📦
Adobe

Acrobat

= 5.0.10
📦
Adobe

Acrobat

= 6.0
📦
Adobe

Acrobat

= 6.0.1
📦
Adobe

Acrobat

= 6.0.2
📦
Adobe

Acrobat

= 6.0.3
📦
Adobe

Acrobat

= 6.0.4
📦
Adobe

Acrobat

= 6.0.5
📦
Adobe

Acrobat

= 6.0.6
📦
Adobe

Acrobat

= 7.0
📦
Adobe

Acrobat

= 7.0.1
📦
Adobe

Acrobat

= 7.0.2
📦
Adobe

Acrobat

= 7.0.3
📦
Adobe

Acrobat

= 7.0.4
📦
Adobe

Acrobat

= 7.0.5
📦
Adobe

Acrobat

= 7.0.6
📦
Adobe

Acrobat

= 7.0.7
📦
Adobe

Acrobat

= 7.0.8
📦
Adobe

Acrobat

= 7.0.9
📦
Adobe

Acrobat

= 7.1.0
📦
Adobe

Acrobat

= 7.1.1
📦
Adobe

Acrobat

= 7.1.2
📦
Adobe

Acrobat

= 7.1.3
📦
Adobe

Acrobat

= 7.1.4
📦
Adobe

Acrobat

= 8.0
📦
Adobe

Acrobat

= 8.1
📦
Adobe

Acrobat

= 8.1.1
📦
Adobe

Acrobat

= 8.1.2
📦
Adobe

Acrobat

= 8.1.3
📦
Adobe

Acrobat

= 8.1.4
📦
Adobe

Acrobat

= 8.1.5
📦
Adobe

Acrobat

= 8.1.6
📦
Adobe

Acrobat

= 8.1.7
📦
Adobe

Acrobat

= 9.0
📦
Adobe

Acrobat

= 9.1
📦
Adobe

Acrobat

= 9.1.1
📦
Adobe

Acrobat

= 9.1.2
📦
Adobe

Acrobat

= 9.1.3
📦
Adobe

Acrobat Reader

<= 9.2
📦
Adobe

Acrobat Reader

= 3.0
📦
Adobe

Acrobat Reader

= 3.01
📦
Adobe

Acrobat Reader

= 3.02
📦
Adobe

Acrobat Reader

= 4.0
📦
Adobe

Acrobat Reader

= 4.0.5
📦
Adobe

Acrobat Reader

= 4.0.5a
📦
Adobe

Acrobat Reader

= 4.0.5c
📦
Adobe

Acrobat Reader

= 4.5
📦
Adobe

Acrobat Reader

= 5.0
📦
Adobe

Acrobat Reader

= 5.0.5
📦
Adobe

Acrobat Reader

= 5.0.6
📦
Adobe

Acrobat Reader

= 5.0.7
📦
Adobe

Acrobat Reader

= 5.0.9
📦
Adobe

Acrobat Reader

= 5.0.10
📦
Adobe

Acrobat Reader

= 5.0.11
📦
Adobe

Acrobat Reader

= 5.1
📦
Adobe

Acrobat Reader

= 6.0
📦
Adobe

Acrobat Reader

= 6.0.1
📦
Adobe

Acrobat Reader

= 6.0.2
📦
Adobe

Acrobat Reader

= 6.0.3
📦
Adobe

Acrobat Reader

= 6.0.4
📦
Adobe

Acrobat Reader

= 6.0.5
📦
Adobe

Acrobat Reader

= 7.0
📦
Adobe

Acrobat Reader

= 7.0.1
📦
Adobe

Acrobat Reader

= 7.0.2
📦
Adobe

Acrobat Reader

= 7.0.3
📦
Adobe

Acrobat Reader

= 7.0.4
📦
Adobe

Acrobat Reader

= 7.0.5
📦
Adobe

Acrobat Reader

= 7.0.6
📦
Adobe

Acrobat Reader

= 7.0.7
📦
Adobe

Acrobat Reader

= 7.0.8
📦
Adobe

Acrobat Reader

= 7.0.9
📦
Adobe

Acrobat Reader

= 7.1.0
📦
Adobe

Acrobat Reader

= 7.1.1
📦
Adobe

Acrobat Reader

= 7.1.2
📦
Adobe

Acrobat Reader

= 7.1.3
📦
Adobe

Acrobat Reader

= 8.0
📦
Adobe

Acrobat Reader

= 8.1
📦
Adobe

Acrobat Reader

= 8.1.1
📦
Adobe

Acrobat Reader

= 8.1.2
📦
Adobe

Acrobat Reader

= 8.1.4
📦
Adobe

Acrobat Reader

= 8.1.5
📦
Adobe

Acrobat Reader

= 8.1.6
📦
Adobe

Acrobat Reader

= 8.1.7
📦
Adobe

Acrobat Reader

= 9.0
📦
Adobe

Acrobat Reader

= 9.1
📦
Adobe

Acrobat Reader

= 9.1.1
📦
Adobe

Acrobat Reader

= 9.1.2
📦
Adobe

Acrobat Reader

= 9.1.3

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
🔗 http://secunia.com/advisories/38138
🔗 http://secunia.com/advisories/38215
🔗 http://www.adobe.com/support/security/bulletins/apsb10-02.html
🔗 http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt
🔗 http://www.redhat.com/support/errata/RHSA-2010-0060.html
🔗 http://www.securityfocus.com/bid/37763
🔗 http://www.securitytracker.com/id?1023446

関連する脆弱性情報

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...