CVE-2009-3953

EUVD-2009-3924
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
7.0 ≤
𝑥
< 7.1.4
adobeacrobat
8.0 ≤
𝑥
< 8.2
adobeacrobat
9.0 ≤
𝑥
< 9.3
opensuseopensuse
11.1
opensuseopensuse
11.2
suselinux_enterprise
10.0:sp2
suselinux_enterprise
10.0:sp3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://osvdb.org/61690
http://secunia.com/advisories/38138
http://secunia.com/advisories/38215
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.securityfocus.com/bid/37758
http://www.securitytracker.com/id?1023446
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.vupen.com/english/advisories/2010/0103
https://bugzilla.redhat.com/show_bug.cgi?id=554293
https://exchange.xforce.ibmcloud.com/vulnerabilities/55551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://osvdb.org/61690
http://secunia.com/advisories/38138
http://secunia.com/advisories/38215
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.securityfocus.com/bid/37758
http://www.securitytracker.com/id?1023446
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.vupen.com/english/advisories/2010/0103
https://bugzilla.redhat.com/show_bug.cgi?id=554293
https://exchange.xforce.ibmcloud.com/vulnerabilities/55551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3953