CVE-2009-3953

CVE Database · CVE-2009-3953

CVE-2009-3953

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

83.57%

Published

Jan 13, 2010

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-06-08 · Due: 2022-06-22

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBAdobe - U3D CLODProgressiveMeshDeclaration Array Overrun (Metasploit) (2)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (10)

adobe · acrobat (up to 7.1.4)vulnerable

adobe · acrobat (up to 8.2)vulnerable

adobe · acrobat (up to 9.3)vulnerable

apple · mac_os_x

microsoft · windows

suse · linux_enterprise_debuginfovulnerable

opensuse · opensusevulnerable