10

CVE-2009-3953

Warnung

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat Version >= 7.0 < 7.1.4
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeAcrobat Version >= 8.0 < 8.2
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeAcrobat Version >= 9.0 < 9.3
   ApplemacOS X Version-
   MicrosoftWindows Version-
SuseLinux Enterprise Debuginfo Version11 Update-
OpensuseOpensuse Version11.1
OpensuseOpensuse Version11.2
SuseLinux Enterprise Version10.0 Updatesp2
SuseLinux Enterprise Version10.0 Updatesp3

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability

Schwachstelle

Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 90.51% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.us-cert.gov/cas/techalerts/TA10-013A.html
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/37758
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1023446
Third Party Advisory
Broken Link
VDB Entry