High severity8.8CISA KEVNVD Advisory· Published Jan 13, 2010· Updated Jun 16, 2026
CVE-2009-3953
CVE-2009-3953
Description
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*range: >=7.0,<7.1.4
- (no CPE)range: before 9.3, before 8.2, before 7.1.4
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*
- Range: before 9.3, before 8.2, before 7.1.4
Patches
Vulnerability mechanics
References
15- www.adobe.com/support/security/bulletins/apsb10-02.htmlnvdNot ApplicablePatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlnvdMailing ListThird Party Advisory
- www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdeclnvdThird Party Advisory
- www.securityfocus.com/bid/37758nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA10-013A.htmlnvdThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2010/0103nvdBroken LinkVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/55551nvdThird Party AdvisoryVDB Entry
- osvdb.org/61690nvdBroken Link
- secunia.com/advisories/38138nvdBroken Link
- secunia.com/advisories/38215nvdBroken Link
- www.redhat.com/support/errata/RHSA-2010-0060.htmlnvdBroken Link
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242nvdBroken Link
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.