Lucene search

[email protected]NVD:CVE-2009-3953

HistoryJan 13, 2010 - 7:30 p.m.

CVE-2009-3953

2010-01-1319:30:00

CWE-119

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.971 High

EPSS

Percentile

99.8%

JSON

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration “array boundary issue,” a different vulnerability than CVE-2009-2994.

Affected configurations

NVD

Node

adobeacrobatRange≤9.2

adobeacrobatMatch3.0

adobeacrobatMatch3.1

adobeacrobatMatch4.0

adobeacrobatMatch4.0.5

adobeacrobatMatch4.0.5a

adobeacrobatMatch4.0.5c

adobeacrobatMatch5.0

adobeacrobatMatch5.0.5

adobeacrobatMatch5.0.6

adobeacrobatMatch5.0.10

adobeacrobatMatch6.0

adobeacrobatMatch6.0.1

adobeacrobatMatch6.0.2

adobeacrobatMatch6.0.3

adobeacrobatMatch6.0.4

adobeacrobatMatch6.0.5

adobeacrobatMatch6.0.6

adobeacrobatMatch7.0

adobeacrobatMatch7.0.1

adobeacrobatMatch7.0.2

adobeacrobatMatch7.0.3

adobeacrobatMatch7.0.4

adobeacrobatMatch7.0.5

adobeacrobatMatch7.0.6

adobeacrobatMatch7.0.7

adobeacrobatMatch7.0.8

adobeacrobatMatch7.0.9

adobeacrobatMatch7.1.0

adobeacrobatMatch7.1.1

adobeacrobatMatch7.1.2

adobeacrobatMatch7.1.3

adobeacrobatMatch7.1.4

adobeacrobatMatch8.0

adobeacrobatMatch8.1

adobeacrobatMatch8.1.1

adobeacrobatMatch8.1.2

adobeacrobatMatch8.1.3

adobeacrobatMatch8.1.4

adobeacrobatMatch8.1.5

adobeacrobatMatch8.1.6

adobeacrobatMatch8.1.7

adobeacrobatMatch9.0

adobeacrobatMatch9.1

adobeacrobatMatch9.1.1

adobeacrobatMatch9.1.2

adobeacrobatMatch9.1.3

AND

applemac_os_x

microsoftwindows

Node

adobeacrobat_readerRange≤9.2

adobeacrobat_readerMatch3.0

adobeacrobat_readerMatch3.01

adobeacrobat_readerMatch3.02

adobeacrobat_readerMatch4.0

adobeacrobat_readerMatch4.0.5

adobeacrobat_readerMatch4.0.5a

adobeacrobat_readerMatch4.0.5c

adobeacrobat_readerMatch4.5

adobeacrobat_readerMatch5.0

adobeacrobat_readerMatch5.0.5

adobeacrobat_readerMatch5.0.6

adobeacrobat_readerMatch5.0.7

adobeacrobat_readerMatch5.0.9

adobeacrobat_readerMatch5.0.10

adobeacrobat_readerMatch5.0.11

adobeacrobat_readerMatch5.1

adobeacrobat_readerMatch6.0

adobeacrobat_readerMatch6.0.1

adobeacrobat_readerMatch6.0.2

adobeacrobat_readerMatch6.0.3

adobeacrobat_readerMatch6.0.4

adobeacrobat_readerMatch6.0.5

adobeacrobat_readerMatch7.0

adobeacrobat_readerMatch7.0.1

adobeacrobat_readerMatch7.0.2

adobeacrobat_readerMatch7.0.3

adobeacrobat_readerMatch7.0.4

adobeacrobat_readerMatch7.0.5

adobeacrobat_readerMatch7.0.6

adobeacrobat_readerMatch7.0.7

adobeacrobat_readerMatch7.0.8

adobeacrobat_readerMatch7.0.9

adobeacrobat_readerMatch7.1.0

adobeacrobat_readerMatch7.1.1

adobeacrobat_readerMatch7.1.2

adobeacrobat_readerMatch7.1.3

adobeacrobat_readerMatch8.0

adobeacrobat_readerMatch8.1

adobeacrobat_readerMatch8.1.1

adobeacrobat_readerMatch8.1.2

adobeacrobat_readerMatch8.1.4

adobeacrobat_readerMatch8.1.5

adobeacrobat_readerMatch8.1.6

adobeacrobat_readerMatch8.1.7

adobeacrobat_readerMatch9.0

adobeacrobat_readerMatch9.1

adobeacrobat_readerMatch9.1.1

adobeacrobat_readerMatch9.1.2

adobeacrobat_readerMatch9.1.3

AND

applemac_os_x

microsoftwindows

unixunix

References

lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

osvdb.org/61690

secunia.com/advisories/38138

secunia.com/advisories/38215

www.adobe.com/support/security/bulletins/apsb10-02.html

www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl

www.redhat.com/support/errata/RHSA-2010-0060.html

www.securityfocus.com/bid/37758

www.securitytracker.com/id?1023446

www.us-cert.gov/cas/techalerts/TA10-013A.html

www.vupen.com/english/advisories/2010/0103

bugzilla.redhat.com/show_bug.cgi?id=554293

exchange.xforce.ibmcloud.com/vulnerabilities/55551

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.971 High

EPSS

Percentile

99.8%

JSON

Related for NVD:CVE-2009-3953

cve2 attackerkb1 cvelist2 canvas1 prion2 checkpoint_advisories4 packetstorm2 seebug3 cisa_kev1 exploitpack1 nvd1 ubuntucve1 exploitdb1 securityvulns2 redhat4 nessus28 openvas14 threatpost1 suse2 gentoo2