CVE-2009-3953

HIGH KEV

Adobe Acrobat 7.0-7.1.3 - Remote Code Execution via U3D CLODProgressiveMeshDeclaration Array Boundary Issue

Title source: llm

Exploitation Summary

CVE-2009-3953 is actively exploited and is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022. EIP tracks 2 public exploits, among them the Metasploit module exploits/windows/fileformat/adobe_u3d_meshdecl.

AI-analyzed exploit summary: This exploit targets a heap-based buffer overflow in Adobe Reader/Acrobat via a malformed U3D file embedded in a PDF. It uses JavaScript heap spraying to achieve reliable code execution on vulnerable versions.

Description

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16622

This exploit targets a heap-based buffer overflow in Adobe Reader/Acrobat via a malformed U3D file embedded in a PDF. It uses JavaScript heap spraying to achieve reliable code execution on vulnerable versions.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Complex
Reliability: Reliable
Target: Adobe Reader/Acrobat < 7.1.4, < 8.2, < 9.3
Authentication: none needed
Prerequisites: Vulnerable Adobe Reader/Acrobat installation · User interaction to open malicious PDF
Analyzed by devstral-2, Feb 16, 2026
metasploit · WORKING POC · GOOD
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb

This Metasploit module exploits a heap-based buffer overflow in Adobe Reader/Acrobat via a malformed U3D file embedded in a PDF. It uses JavaScript heap spraying to achieve reliable code execution on vulnerable versions.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Complex
Reliability: Reliable
Target: Adobe Reader/Acrobat < 7.1.4, < 8.2, < 9.3
Authentication: none needed
Prerequisites: Vulnerable Adobe Reader/Acrobat installation · User interaction to open malicious PDF
Analyzed by devstral-2, Feb 16, 2026

References (15)

Core References (URL · CVE refsource tags · NVD resource tags)
http://www.redhat.com/support/errata/RHSA-2010-0060.html · vendor-advisory, x_refsource_redhat · Broken Link
http://www.vupen.com/english/advisories/2010/0103 · vdb-entry, x_refsource_vupen · Broken Link, Vendor Advisory
http://www.securitytracker.com/id?1023446 · vdb-entry, x_refsource_sectrack · Broken Link, Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=554293 · x_refsource_confirm · Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/55551 · vdb-entry, x_refsource_xf · Third Party Advisory, VDB Entry
http://www.us-cert.gov/cas/techalerts/TA10-013A.html · third-party-advisory, x_refsource_cert · Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/37758 · vdb-entry, x_refsource_bid · Broken Link, Third Party Advisory, VDB Entry
http://secunia.com/advisories/38138 · third-party-advisory, x_refsource_secunia · Broken Link
http://www.adobe.com/support/security/bulletins/apsb10-02.html · x_refsource_confirm · Not Applicable, Patch, Vendor Advisory
http://osvdb.org/61690 · vdb-entry, x_refsource_osvdb · Broken Link
http://secunia.com/advisories/38215 · third-party-advisory, x_refsource_secunia · Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html · vendor-advisory, x_refsource_suse · Mailing List, Third Party Advisory

Scores

CVSS v3 8.8
EPSS 0.9051
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-06-08
VulnCheck KEV 2016-09-29
InTheWild.io 2019-01-01
ENISA EUVD EUVD-2009-3924
CWE
CWE-787
Status published
Products (5)
adobe/acrobat 7.0 - 7.1.4
opensuse/opensuse 11.1
opensuse/opensuse 11.2
suse/linux_enterprise 10.0 sp2 (2 CPE variants)
suse/linux_enterprise_debuginfo 11
Published Jan 13, 2010
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026