⚠ Actively exploited
Added to CISA KEV on 2022-06-08. Federal agencies required to patch by 2022-06-22. Required action: Apply updates per vendor instructions..
CVE-2009-3953 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat
Severity
8.8HIGHNVD
CNA9.3
EPSS
90.5%
top 0.39%
CISA KEV
KEV
Added 2022-06-08
Due 2022-06-22
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJan 13
KEV addedJun 8
KEV dueJun 22
CISA Required Action: Apply updates per vendor instructions.
Description
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages3 packages
Also affects: Linux Enterprise 10.0
Patches
🔴Vulnerability Details
3💥Exploits & PoCs
1📋Vendor Advisories
2💬Community
1Bugzilla▶
CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3959 acroread: multiple code execution flaws (APSB10-02)↗2010-01-11