CVE-2009-3953
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- November 16, 2009
- Published Date
- January 13, 2010
- Last Updated
- February 04, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2022-06-08 00:00:00 UTC) Source
References
http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl
http://secunia.com/advisories/38138
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.vupen.com/english/advisories/2010/0103
http://www.securitytracker.com/id?1023446
http://osvdb.org/61690
https://bugzilla.redhat.com/show_bug.cgi?id=554293
https://exchange.xforce.ibmcloud.com/vulnerabilities/55551
http://secunia.com/advisories/38215
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.securityfocus.com/bid/37758
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-06-08 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb | 2025-04-29 11:01:34 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
adobe_u3d_meshdecl
Type: metasploit • Created: Unknown
Metasploit module for CVE-2009-3953