CVE-2009-3953

high

Description

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/55551

https://bugzilla.redhat.com/show_bug.cgi?id=554293

http://www.us-cert.gov/cas/techalerts/TA10-013A.html

http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl

http://www.adobe.com/support/security/bulletins/apsb10-02.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

Details

Source: Mitre, NVD

Published: 2010-01-13

Updated: 2024-12-19

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High