CVE-2009-3953

high

Description

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

References

Advisories
More

https://exchange.xforce.ibmcloud.com/vulnerabilities/55551

http://www.us-cert.gov/cas/techalerts/TA10-013A.html

http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

https://bugzilla.redhat.com/show_bug.cgi?id=554293

http://www.adobe.com/support/security/bulletins/apsb10-02.html

Details

Source: Mitre, NVD

Published: 2010-01-13

Updated: 2025-04-09

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.91826