CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3953

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score77.8120%
EPSS Percentile88.25th
PublishedJan 13, 2010
Last ModifiedApr 21, 2026

Vulnerability Description

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Affected Platforms (CPE)

πŸ“¦
Adobe

Acrobat

>= 7.0 and < 7.1.4
πŸ“¦
Adobe

Acrobat

>= 8.0 and < 8.2
πŸ“¦
Adobe

Acrobat

>= 9.0 and < 9.3
πŸ“¦
Suse

Linux Enterprise Debuginfo

= 11
πŸ’»
Opensuse

Opensuse

= 11.1
πŸ’»
Opensuse

Opensuse

= 11.2
πŸ’»
Suse

Linux Enterprise

= 10.0
πŸ’»
Suse

Linux Enterprise

= 10.0

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
πŸ”— http://osvdb.org/61690
πŸ”— http://secunia.com/advisories/38138
πŸ”— http://secunia.com/advisories/38215
πŸ”— http://www.adobe.com/support/security/bulletins/apsb10-02.html
πŸ”— http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl
πŸ”— http://www.redhat.com/support/errata/RHSA-2010-0060.html
πŸ”— http://www.securityfocus.com/bid/37758

Related Vulnerabilities

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...