Published: 13/01/2010 Updated: 30/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The U3D implementation in Adobe Reader and Acrobat 9.x prior to 9.3, 8.x prior to 8.2 on Windows and Mac OS X, and 7.x prior to 7.1.4 allows remote malicious users to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe acrobat 9.1.1
adobe acrobat 9.1
adobe acrobat 8.1.1
adobe acrobat 8.1
adobe acrobat 7.0.9
adobe acrobat 7.0.8
adobe acrobat 7.0.1
adobe acrobat 7.0
adobe acrobat 5.0.6
adobe acrobat 5.0.5
adobe acrobat 3.1
adobe acrobat 3.0
adobe acrobat 9.0
adobe acrobat 8.1.7
adobe acrobat 8.0
adobe acrobat 7.1.4
adobe acrobat 7.0.7
adobe acrobat 7.0.6
adobe acrobat 6.0.6
adobe acrobat 6.0.5
adobe acrobat 6.0.4
adobe acrobat 5.0.10
adobe acrobat 5.0
adobe acrobat 9.1.3
adobe acrobat 9.1.2
adobe acrobat 8.1.3
adobe acrobat 8.1.2
adobe acrobat 7.1.1
adobe acrobat 7.1.0
adobe acrobat 7.0.3
adobe acrobat 7.0.2
adobe acrobat 6.0.1
adobe acrobat 6.0
adobe acrobat 4.0.5
adobe acrobat 4.0
adobe acrobat
adobe acrobat 8.1.6
adobe acrobat 8.1.5
adobe acrobat 8.1.4
adobe acrobat 7.1.3
adobe acrobat 7.1.2
adobe acrobat 7.0.5
adobe acrobat 7.0.4
adobe acrobat 6.0.3
adobe acrobat 6.0.2
adobe acrobat 4.0.5c
adobe acrobat 4.0.5a
adobe acrobat_reader 9.1.3
adobe acrobat_reader 9.1.2
adobe acrobat_reader 9.1.1
adobe acrobat_reader 8.1.2
adobe acrobat_reader 8.1.1
adobe acrobat_reader 7.0.6
adobe acrobat_reader 7.0.5
adobe acrobat_reader 7.1.3
adobe acrobat_reader 7.1.2
adobe acrobat_reader 6.0.5
adobe acrobat_reader 5.0.9
adobe acrobat_reader 5.0.7
adobe acrobat_reader 4.0.5c
adobe acrobat_reader 4.0.5a
adobe acrobat_reader 9.1
adobe acrobat_reader 9.0
adobe acrobat_reader 8.1
adobe acrobat_reader 8.0
adobe acrobat_reader 7.0.4
adobe acrobat_reader 7.0.3
adobe acrobat_reader 6.0.4
adobe acrobat_reader 6.0.3
adobe acrobat_reader 5.0.6
adobe acrobat_reader 5.0.5
adobe acrobat_reader 4.0.5
adobe acrobat_reader 4.0
adobe acrobat_reader
adobe acrobat_reader 8.1.5
adobe acrobat_reader 8.1.4
adobe acrobat_reader 7.0.8
adobe acrobat_reader 7.0.7
adobe acrobat_reader 7.0
adobe acrobat_reader 7.1.1
adobe acrobat_reader 6.0
adobe acrobat_reader 5.1
adobe acrobat_reader 5.0
adobe acrobat_reader 4.5
adobe acrobat_reader 3.0
adobe acrobat_reader 8.1.7
adobe acrobat_reader 8.1.6
adobe acrobat_reader 7.1.0
adobe acrobat_reader 7.0.9
adobe acrobat_reader 7.0.2
adobe acrobat_reader 7.0.1
adobe acrobat_reader 6.0.2
adobe acrobat_reader 6.0.1
adobe acrobat_reader 5.0.11
adobe acrobat_reader 5.0.10
adobe acrobat_reader 3.02
adobe acrobat_reader 3.01

Synopsis Critical: acroread security and bug fix update Type/Severity Security Advisory: Critical Topic Updated acroread packages that fix multiple security issues and three bugsare now available for Red Hat Enterprise Linux 5 SupplementaryThis update has been rated as having critical security impact by th ...

Synopsis Critical: acroread security update Type/Severity Security Advisory: Critical Topic Updated acroread packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 4 ExtrasThis update has been rated as having critical security impact by the RedHat Security Response Team ...

Synopsis Critical: acroread security update Type/Severity Security Advisory: Critical Topic The acroread packages as shipped in Red Hat Enterprise Linux 3 Extrascontain security flaws and should not be usedThis update has been rated as having critical security impact by the RedHat Security Response Team ...

## # $Id: adobe_u3d_meshdeclrb 10477 2010-09-25 11:59:02Z mc $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' requir ...

CWE-119 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.vupen.com/english/advisories/2010/0103 http://www.securitytracker.com/id?1023446 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://osvdb.org/61690 http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl http://secunia.com/advisories/38138 http://www.securityfocus.com/bid/37758 http://www.redhat.com/support/errata/RHSA-2010-0060.html https://bugzilla.redhat.com/show_bug.cgi?id=554293 http://secunia.com/advisories/38215 https://exchange.xforce.ibmcloud.com/vulnerabilities/55551 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2010:0037 https://www.exploit-db.com/exploits/16622/

CVE-2009-3953

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect