AI Score: 5.7 Medium (Confidence: High)
CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.032 Low (Percentile: 91.2%)
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
secunia.com/advisories/38138
secunia.com/advisories/38215
www.adobe.com/support/security/bulletins/apsb10-02.html
www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt
www.redhat.com/support/errata/RHSA-2010-0060.html
www.securityfocus.com/bid/37763
www.securitytracker.com/id?1023446
www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf
www.us-cert.gov/cas/techalerts/TA10-013A.html
www.vupen.com/english/advisories/2010/0103
bugzilla.redhat.com/show_bug.cgi?id=554296
exchange.xforce.ibmcloud.com/vulnerabilities/55554
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327