10
CVE-2009-3953
- EPSS 83.86%
- Veröffentlicht 13.01.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:41
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Suse ≫ Linux Enterprise Debuginfo Version11 Update-
Suse ≫ Linux Enterprise Version10.0 Updatesp2
Suse ≫ Linux Enterprise Version10.0 Updatesp3
08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
SchwachstelleAdobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 83.86% | 0.997 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://secunia.com/advisories/38138
http://secunia.com/advisories/38215
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.vupen.com/english/advisories/2010/0103
http://osvdb.org/61690
http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl
http://www.securityfocus.com/bid/37758
http://www.securitytracker.com/id?1023446
https://bugzilla.redhat.com/show_bug.cgi?id=554293
https://exchange.xforce.ibmcloud.com/vulnerabilities/55551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3953