10

CVE-2009-3953

Warnung
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat Version >= 7.0 < 7.1.4
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeAcrobat Version >= 8.0 < 8.2
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeAcrobat Version >= 9.0 < 9.3
   ApplemacOS X Version-
   MicrosoftWindows Version-
SuseLinux Enterprise Debuginfo Version11 Update-
OpensuseOpensuse Version11.1
OpensuseOpensuse Version11.2
SuseLinux Enterprise Version10.0 Updatesp2
SuseLinux Enterprise Version10.0 Updatesp3

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability

Schwachstelle

Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 83.86% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/38138
Broken Link
http://secunia.com/advisories/38215
Broken Link
http://www.adobe.com/support/security/bulletins/apsb10-02.html
Patch
Vendor Advisory
Not Applicable
http://www.redhat.com/support/errata/RHSA-2010-0060.html
Broken Link
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2010/0103
Vendor Advisory
Broken Link
http://osvdb.org/61690
Broken Link
http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl
Third Party Advisory
http://www.securityfocus.com/bid/37758
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1023446
Third Party Advisory
Broken Link
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=554293
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/55551
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3953
US Government Resource