CVE-2009-3953

Warning

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Data is provided by the National Vulnerability Database (NVD)
Adobe Acrobat Version >= 7.0 < 7.1.4
   Apple macOS X Version -
   Microsoft Windows Version -
Adobe Acrobat Version >= 8.0 < 8.2
   Apple macOS X Version -
   Microsoft Windows Version -
Adobe Acrobat Version >= 9.0 < 9.3
   Apple macOS X Version -
   Microsoft Windows Version -
Suse Linux Enterprise Debuginfo Version 11 Update -
Opensuse Opensuse Version 11.1
Opensuse Opensuse Version 11.2
Suse Linux Enterprise Version 10.0 Update sp2
Suse Linux Enterprise Version 10.0 Update sp3

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability

Description: Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.

Required actions: Apply updates per vendor instructions.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 90.51% | 0.996

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.