1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2009-3953

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2009-3953 Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability exploitation_technique T1204.002 Malicious File
Comments
This vulnerability is exploited by having a user open a maliciously-crafted pdf file.
References
  1. https://eromang.zataz.com/2011/02/06/cve-2009-3953-adobe-acrobat-u3d-clodprogressivemeshdeclaration-array-overrun/