CVE-2009-3953
critical-risk
Published 2010-01-13
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
Do I need to act?
90.5% chance of exploitation in next 30 days
EPSS score — higher than 9% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 · High · NETWORK / LOW complexity
Affected Products (6)
References (29)
Broken Link
http://osvdb.org/61690
Broken Link
http://secunia.com/advisories/38138
Broken Link
http://secunia.com/advisories/38215
Third Party Advisory
http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl
Broken Link
http://www.securityfocus.com/bid/37758
Broken Link
http://www.securitytracker.com/id?1023446
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=554293
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/55551
and 9 more references
77 / 100 · critical-risk
Severity
30/34 · Critical
Exploitability
34/34 · Critical
Exposure
13/34 · Low