{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl"}, {"name": "38138", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38138"}, {"name": "oval:org.mitre.oval:def:8242", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"name": "RHSA-2010:0060", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"name": "ADV-2010-0103", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"name": "1023446", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1023446"}, {"name": "61690", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/61690"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"}, {"name": "acrobat-reader-u3d-code-execution(55551)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55551"}, {"name": "38215", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38215"}, {"name": "SUSE-SA:2010:008", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "TA10-013A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}, {"name": "37758", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37758"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2009-3953", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl", "refsource": "MISC", "url": "http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl"}, {"name": "38138", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38138"}, {"name": "oval:org.mitre.oval:def:8242", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"name": "RHSA-2010:0060", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"name": "ADV-2010-0103", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"name": "1023446", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023446"}, {"name": "61690", "refsource": "OSVDB", "url": "http://osvdb.org/61690"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=554293", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"}, {"name": "acrobat-reader-u3d-code-execution(55551)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55551"}, {"name": "38215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38215"}, {"name": "SUSE-SA:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "TA10-013A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}, {"name": "37758", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37758"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:45:50.938Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl"}, {"name": "38138", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38138"}, {"name": "oval:org.mitre.oval:def:8242", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"name": "RHSA-2010:0060", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"name": "ADV-2010-0103", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"name": "1023446", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1023446"}, {"name": "61690", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/61690"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"}, {"name": "acrobat-reader-u3d-code-execution(55551)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55551"}, {"name": "38215", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38215"}, {"name": "SUSE-SA:2010:008", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "TA10-013A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}, {"name": "37758", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37758"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2009-3953", "datePublished": "2010-01-13T19:00:00", "dateReserved": "2009-11-16T00:00:00", "dateUpdated": "2024-08-07T06:45:50.938Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-06-22", "cisaExploitAdd": "2022-06-08", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1329474-A9CD-44C3-828C-A0D53418300B", "versionEndExcluding": "7.1.4", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "9670133C-09FA-41F2-B0F7-BFE960E30B71", "versionEndExcluding": "8.2", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA95CC75-BF25-4BEB-B646-ACDBBE32AF4F", "versionEndExcluding": "9.3", "versionStartIncluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:*", "matchCriteriaId": "C76D0C17-2AFF-4209-BBCD-36166DF7F974", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "6A3B50EE-F432-40BE-B422-698955A6058D", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "1193A7E6-DCB4-4E79-A509-1D6948153A57", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994."}, {"lang": "es", "value": "La implementaci\u00f3n U3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podr\u00eda permitir a atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados, relacionados con una \"cuesti\u00f3n de limitaci\u00f3n en el array\"."}], "evaluatorImpact": "Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\r\n\r\nAffected software versions:\r\n\r\nAdobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX\r\nAdobe Acrobat 9.2 and earlier versions for Windows and Macintosh", "id": "CVE-2009-3953", "lastModified": "2024-06-28T14:20:25.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2010-01-13T19:30:00.343", "references": [{"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://osvdb.org/61690"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/38138"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/38215"}, {"source": "psirt@adobe.com", "tags": ["Not Applicable", "Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/37758"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1023446"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"source": "psirt@adobe.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55551"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0060", "cpe": "cpe:/a:redhat:rhel_extras:3", "package": "acroread-0:9.3-3", "product_name": "Extras for RHEL 3", "release_date": "2010-01-20T00:00:00Z"}, {"advisory": "RHSA-2010:0038", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "acroread-0:9.3-1.el4", "product_name": "Extras for RHEL 4", "release_date": "2010-01-13T00:00:00Z"}, {"advisory": "RHSA-2010:0037", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "acroread-0:9.3-1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2010-01-13T00:00:00Z"}], "bugzilla": {"description": "acroread: multiple code execution flaws (APSB10-02)", "id": "554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994."], "name": "CVE-2009-3953", "public_date": "2010-01-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-3953\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-3953\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}