CVE		CVE-2009-3956
Status		Candidate
Description		The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
Severity		High
CVSS score		10
CVSS vector		(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Phase		Assigned (21.08.2010)
NVD:		http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3956
References		BID : 37763
		CERT : TA10-013A
		CONFIRM : http://www.adobe.com/support/security/bulletins/ap...
		CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=554296
		MISC : http://www.packetstormsecurity.org/1001-exploits/S...
		MISC : http://www.stratsec.net/files/SS-2010-001_Stratsec...
		OVAL : oval:org.mitre.oval:def:8327
		REDHAT : RHSA-2010:0060
		SECTRACK : 1023446
		SECUNIA : 38138
		SECUNIA : 38215
		SUSE : SUSE-SA:2010:008
		VUPEN : ADV-2010-0103
		XF : acrobat-reader-unspec-xss(55554)
SecurityVulns:		Adobe Acrobat and Reader multiple security vulnerabilities