CVE-2009-3953
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- November 16, 2009
- Published Date
- January 13, 2010
- Last Updated
- February 04, 2025
- Vendor
- Adobe
- Product
- Reader and Acrobat
- Description
- The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
- Tags
- Exploitation
- active
- Technical Impact
- total
- Exploited in the Wild
- Yes (2022-06-08 00:00:00 UTC) Source
windows
macos
cisa
metasploit_scanner
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0
10.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
SSVC Information
Exploit Status
References
http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl
http://secunia.com/advisories/38138
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.vupen.com/english/advisories/2010/0103
http://www.securitytracker.com/id?1023446
http://osvdb.org/61690
https://bugzilla.redhat.com/show_bug.cgi?id=554293
https://exchange.xforce.ibmcloud.com/vulnerabilities/55551
http://secunia.com/advisories/38215
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.securityfocus.com/bid/37758
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-06-08 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb | 2025-04-29 11:01:34 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
adobe_u3d_meshdecl
Type: metasploit • Created: Unknown
Metasploit module for CVE-2009-3953
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit