CVE-2009-3953

{"id": "CVE-2009-3953", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2010-01-13T19:30:00.343", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://osvdb.org/61690", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/38138", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/38215", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", "tags": ["Not Applicable", "Patch", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl", "tags": ["Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.securityfocus.com/bid/37758", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://www.securitytracker.com/id?1023446", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/0103", "tags": ["Broken Link", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293", "tags": ["Issue Tracking"], "source": "psirt@adobe.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55551", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/61690", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/38138", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/38215", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", "tags": ["Not Applicable", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/37758", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1023446", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0103", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55551", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994."}, {"lang": "es", "value": "La implementaci\u00f3n U3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podr\u00eda permitir a atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados, relacionados con una \"cuesti\u00f3n de limitaci\u00f3n en el array\"."}], "lastModified": "2025-04-09T00:30:58.490", "cisaActionDue": "2022-06-22", "cisaExploitAdd": "2022-06-08", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1329474-A9CD-44C3-828C-A0D53418300B", "versionEndExcluding": "7.1.4", "versionStartIncluding": "7.0"}, {"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9670133C-09FA-41F2-B0F7-BFE960E30B71", "versionEndExcluding": "8.2", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA95CC75-BF25-4BEB-B646-ACDBBE32AF4F", "versionEndExcluding": "9.3", "versionStartIncluding": "9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C76D0C17-2AFF-4209-BBCD-36166DF7F974"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A3B50EE-F432-40BE-B422-698955A6058D"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1193A7E6-DCB4-4E79-A509-1D6948153A57"}], "operator": "OR"}]}], "evaluatorImpact": "Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\r\n\r\nAffected software versions:\r\n\r\nAdobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX\r\nAdobe Acrobat 9.2 and earlier versions for Windows and Macintosh", "sourceIdentifier": "psirt@adobe.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability"}