CVE-2009-3953
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.8%
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration “array boundary issue,” a different vulnerability than CVE-2009-2994.
Affected configurations
References
lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
osvdb.org/61690
secunia.com/advisories/38138
secunia.com/advisories/38215
www.adobe.com/support/security/bulletins/apsb10-02.html
www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl
www.redhat.com/support/errata/RHSA-2010-0060.html
www.securityfocus.com/bid/37758
www.securitytracker.com/id?1023446
www.us-cert.gov/cas/techalerts/TA10-013A.html
www.vupen.com/english/advisories/2010/0103
bugzilla.redhat.com/show_bug.cgi?id=554293
exchange.xforce.ibmcloud.com/vulnerabilities/55551
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.8%