Description
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16622
metasploit
WORKING POC
GOOD
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb
References (15)
Scores
CVSS v3
8.8
EPSS
0.9051
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-06-08
VulnCheck KEV
2016-09-29
InTheWild.io
2019-01-01
ENISA EUVD
EUVD-2009-3924
CWE
CWE-787
Status
published
Products (5)
adobe/acrobat
7.0 - 7.1.4
opensuse/opensuse
11.1
opensuse/opensuse
11.2
suse/linux_enterprise
10.0 sp2 (2 CPE variants)
suse/linux_enterprise_debuginfo
11
Published
Jan 13, 2010
KEV Added
Jun 08, 2022
Tracked Since
Feb 18, 2026