Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2009-3956

Back to Search

SUSE Linux Security Vulnerability: CVE-2009-3956

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
01/13/2010
Created
07/25/2018
Added
02/17/2015
Modified
07/04/2017

Description

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

Solution(s)

  • suse-upgrade-acroread
  • suse-upgrade-acroread_ja

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;