Overview
- Description
- The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
- Source
- psirt@adobe.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
- Exploit added on
- Jun 8, 2022
- Exploit action due
- Jun 22, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- CWE-787
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- -
- Impact
- Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html Affected software versions: Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh
- Solution
- Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html Affected software versions: Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1329474-A9CD-44C3-828C-A0D53418300B",
"versionEndExcluding": "7.1.4",
"versionStartIncluding": "7.0"
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9670133C-09FA-41F2-B0F7-BFE960E30B71",
"versionEndExcluding": "8.2",
"versionStartIncluding": "8.0"
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA95CC75-BF25-4BEB-B646-ACDBBE32AF4F",
"versionEndExcluding": "9.3",
"versionStartIncluding": "9.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C76D0C17-2AFF-4209-BBCD-36166DF7F974"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A3B50EE-F432-40BE-B422-698955A6058D"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1193A7E6-DCB4-4E79-A509-1D6948153A57"
}
],
"operator": "OR"
}
]
}
]