CVE-2009-3956 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-3956 Interim 1 6 2023-12-09T02:01:15Z current 2021-05-30T12:49:08Z 2023-12-09T02:01:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-3956 The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAYU3JB3JULU2SUXUENBJSQTIMARSUKY/#AAYU3JB3JULU2SUXUENBJSQTIMARSUKY E-Mail link for SUSE-SA:2010:008 https://www.suse.com/support/security/rating/ SUSE Security Ratings The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers. CVE-2009-3956 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C