CVEブラウザに戻る

CVE-2009-3953

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score77.8120%

EPSS Percentile88.25th

Published2010年1月13日

Last Modified2026年4月21日

Vulnerability Description

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Affected Platforms (CPE)

📦

Adobe

Acrobat

>= 7.0 and < 7.1.4

📦

Adobe

Acrobat

>= 8.0 and < 8.2

📦

Adobe

Acrobat

>= 9.0 and < 9.3

📦

Suse

Linux Enterprise Debuginfo

= 11

💻

Opensuse

Opensuse

= 11.1

💻

Opensuse

Opensuse

= 11.2

💻

Suse

Linux Enterprise

= 10.0

💻

Suse

Linux Enterprise

= 10.0

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

🔗 http://osvdb.org/61690

🔗 http://secunia.com/advisories/38138

🔗 http://secunia.com/advisories/38215

🔗 http://www.adobe.com/support/security/bulletins/apsb10-02.html

🔗 http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl

🔗 http://www.redhat.com/support/errata/RHSA-2010-0060.html

🔗 http://www.securityfocus.com/bid/37758

関連する脆弱性情報

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...