|Bugzilla:||554296: CVE-2009-3956 acroread: script injection vulnerability (APSB10-02)|
The MITRE CVE dictionary describes this issue as:
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux Server Supplementary (v. 5) (acroread)||RHSA-2010:0037||January 13, 2010|
|Red Hat Enterprise Linux version 3 Extras (acroread)||RHSA-2010:0060||January 20, 2010|
|Red Hat Enterprise Linux version 4 Extras (acroread)||RHSA-2010:0038||January 13, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.