返回 CVE 瀏覽器

CVE-2009-3953

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score77.8120%

EPSS Percentile88.25th

Published2010年1月13日

Last Modified2026年4月21日

Vulnerability Description

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Affected Platforms (CPE)

📦

Adobe

Acrobat

>= 7.0 and < 7.1.4

📦

Adobe

Acrobat

>= 8.0 and < 8.2

📦

Adobe

Acrobat

>= 9.0 and < 9.3

📦

Suse

Linux Enterprise Debuginfo

= 11

💻

Opensuse

Opensuse

= 11.1

💻

Opensuse

Opensuse

= 11.2

💻

Suse

Linux Enterprise

= 10.0

💻

Suse

Linux Enterprise

= 10.0

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

🔗 http://osvdb.org/61690

🔗 http://secunia.com/advisories/38138

🔗 http://secunia.com/advisories/38215

🔗 http://www.adobe.com/support/security/bulletins/apsb10-02.html

🔗 http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl

🔗 http://www.redhat.com/support/errata/RHSA-2010-0060.html

🔗 http://www.securityfocus.com/bid/37758

相關漏洞威脅

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...