High severity8.8CISA KEVNVD Advisory· Published Jan 13, 2010· Updated Apr 21, 2026
CVE-2009-3953
CVE-2009-3953
Description
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
Affected products
6- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- www.adobe.com/support/security/bulletins/apsb10-02.htmlnvdNot ApplicablePatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlnvdMailing ListThird Party Advisory
- www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdeclnvdThird Party Advisory
- www.securityfocus.com/bid/37758nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA10-013A.htmlnvdThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2010/0103nvdBroken LinkVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/55551nvdThird Party AdvisoryVDB Entry
- osvdb.org/61690nvdBroken Link
- secunia.com/advisories/38138nvdBroken Link
- secunia.com/advisories/38215nvdBroken Link
- www.redhat.com/support/errata/RHSA-2010-0060.htmlnvdBroken Link
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242nvdBroken Link
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.