Details of VAR-200912-0756

ID

VAR-200912-0756

CVE

CVE-2009-3953

TITLE

Adobe Acrobat and Reader contain a use-after-free vulnerability in the JavaScript Doc.media.newPlayer method

Trust: 0.8

sources: CERT/CC: VU#508357

DESCRIPTION

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994. CVE-2009-2994 Is a different vulnerability.by the attacker ' Array Bounds Problem ' Arbitrary code may be executed via vectors related to. Failed exploit attempts will likely cause denial-of-service conditions. This issue affects Reader and Acrobat 9.2 and prior versions. NOTE: This issue was previously covered in BID 37667 (Adobe Acrobat and Reader January 2010 Multiple Remote Vulnerabilities), but has been given its own record to better document it. An array indexing error vulnerability exists in Adobe Reader and Acrobat's 3difr.x3d when processing U3D CLOD Mesh Declaration blocks. Users tricked into opening a PDF document containing a specially crafted U3D model will trigger memory corruption, resulting in the execution of arbitrary instructions. The Adobe Reader browser plug-in is available for several web browsers and operating systems and will automatically open PDF documents on websites. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Adobe Reader/Acrobat Code Execution Vulnerability SECUNIA ADVISORY ID: SA37690 VERIFY ADVISORY: http://secunia.com/advisories/37690/ DESCRIPTION: A vulnerability has been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to compromise a user's system. NOTE: This vulnerability is currently being actively exploited. SOLUTION: Do not open untrusted PDF files. Do not visit untrusted websites or follow untrusted links. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.3.4 >= 9.3.4 Description =========== Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. Impact ====== A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or bypass intended sandbox restrictions, make cross-domain requests, inject arbitrary web script or HTML, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4" References ========== [ 1 ] APSA10-01 http://www.adobe.com/support/security/advisories/apsa10-01.html [ 2 ] APSB10-02 http://www.adobe.com/support/security/bulletins/apsb10-02.html [ 3 ] APSB10-07 http://www.adobe.com/support/security/bulletins/apsb10-07.html [ 4 ] APSB10-09 http://www.adobe.com/support/security/bulletins/apsb10-09.html [ 5 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 6 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 7 ] CVE-2009-3953 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953 [ 8 ] CVE-2009-4324 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324 [ 9 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 10 ] CVE-2010-0188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188 [ 11 ] CVE-2010-0190 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190 [ 12 ] CVE-2010-0191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191 [ 13 ] CVE-2010-0192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192 [ 14 ] CVE-2010-0193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193 [ 15 ] CVE-2010-0194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194 [ 16 ] CVE-2010-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195 [ 17 ] CVE-2010-0196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196 [ 18 ] CVE-2010-0197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197 [ 19 ] CVE-2010-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198 [ 20 ] CVE-2010-0199 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199 [ 21 ] CVE-2010-0201 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201 [ 22 ] CVE-2010-0202 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202 [ 23 ] CVE-2010-0203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203 [ 24 ] CVE-2010-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204 [ 25 ] CVE-2010-1241 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241 [ 26 ] CVE-2010-1285 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285 [ 27 ] CVE-2010-1295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295 [ 28 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 29 ] CVE-2010-2168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168 [ 30 ] CVE-2010-2201 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201 [ 31 ] CVE-2010-2202 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202 [ 32 ] CVE-2010-2203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203 [ 33 ] CVE-2010-2204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204 [ 34 ] CVE-2010-2205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205 [ 35 ] CVE-2010-2206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206 [ 36 ] CVE-2010-2207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207 [ 37 ] CVE-2010-2208 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208 [ 38 ] CVE-2010-2209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209 [ 39 ] CVE-2010-2210 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210 [ 40 ] CVE-2010-2211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211 [ 41 ] CVE-2010-2212 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201009-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.97

sources: NVD: CVE-2009-3953 // CERT/CC: VU#508357 // JVNDB: JVNDB-2010-001014 // BID: 37758 // VULHUB: VHN-41399 // VULMON: CVE-2009-3953 // PACKETSTORM: 83870 // PACKETSTORM: 93607

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	lt	version:	7.1.4	Trust: 1.0
vendor:	suse	model:	linux enterprise debuginfo	scope:	eq	version:	11	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lt	version:	8.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	gte	version:	7.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lt	version:	9.3	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	11.1	Trust: 1.0
vendor:	suse	model:	linux enterprise	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	gte	version:	9.0	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	11.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	gte	version:	8.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	6.0.1	Trust: 0.9
vendor:	adobe	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	アドビ	model:	adobe reader	scope:	-	version:	-	Trust: 0.8
vendor:	レッドハット	model:	rhel supplementary	scope:	eq	version:	eus 5.4.z (server)	Trust: 0.8
vendor:	アドビ	model:	adobe acrobat	scope:	-	version:	-	Trust: 0.8
vendor:	レッドハット	model:	rhel supplementary eus	scope:	eq	version:	5.4.z (server)	Trust: 0.8
vendor:	レッドハット	model:	red hat enterprise linux extras	scope:	-	version:	-	Trust: 0.8
vendor:	レッドハット	model:	rhel supplementary	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	レッドハット	model:	rhel desktop supplementary	scope:	-	version:	-	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	5.0.5	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	5.0.6	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	6.0.4	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	6.0.2	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	6.0.5	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	6.0	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	5.0.10	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	6.0.3	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	5.0	Trust: 0.6
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise sp3	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise sp2	scope:	eq	version:	10	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.2	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.1	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws extras	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws extras	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux supplementary server	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux extras	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux extras	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux es extras	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux es extras	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop supplementary client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux as extras	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux as extras	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	desktop extras	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	desktop extras	scope:	eq	version:	3	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.6	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.5	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.4	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.0.9	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.0	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.0	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.6	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.4	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.0	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.6	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.0	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	7.0.9	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	9.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	8.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	ne	version:	9.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	ne	version:	8.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	ne	version:	9.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	ne	version:	8.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	9.3	Trust: 0.3

sources: CERT/CC: VU#508357 // BID: 37758 // JVNDB: JVNDB-2010-001014 // CNNVD: CNNVD-201001-099 // NVD: CVE-2009-3953

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-3953
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#508357
value:	65.84
Trust: 0.8
NVD:	CVE-2009-3953
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201001-099
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-41399
value:	HIGH
Trust: 0.1
VULMON:	CVE-2009-3953
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-3953
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-41399
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2009-3953
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2009-3953
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CERT/CC: VU#508357 // VULHUB: VHN-41399 // VULMON: CVE-2009-3953 // JVNDB: JVNDB-2010-001014 // CNNVD: CNNVD-201001-099 // NVD: CVE-2009-3953

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-41399 // JVNDB: JVNDB-2010-001014 // NVD: CVE-2009-3953

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201001-099

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201001-099

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-41399 // VULMON: CVE-2009-3953

PATCH

title:	TA10-013A	url:	http://www.adobe.com/support/security/bulletins/apsb10-02.html	Trust: 0.8
title:	Adobe Acrobat 9.3.1 Pro and Standard update - multiple languages	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4049	Trust: 0.6
title:	Adobe Reader 8.1.7	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4048	Trust: 0.6
title:	Adobe Acrobat 9.3.1 Pro update - multiple languages	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4052	Trust: 0.6
title:	Adobe Reader 9.3	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4047	Trust: 0.6
title:	Adobe Acrobat 3D 8.2.1 update - multiple languages	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4051	Trust: 0.6
title:	Adobe Reader 9.3	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4046	Trust: 0.6
title:	Adobe Acrobat 9.3.1 Pro Extended update - multiple languages	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4050	Trust: 0.6
title:	Red Hat: Critical: acroread security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100037 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: acroread security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100060 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: acroread security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100038 - Security Advisory	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1

sources: VULMON: CVE-2009-3953 // JVNDB: JVNDB-2010-001014 // CNNVD: CNNVD-201001-099

EXTERNAL IDS

db:	NVD	id:	CVE-2009-3953	Trust: 3.8
db:	VUPEN	id:	ADV-2010-0103	Trust: 2.6
db:	SECTRACK	id:	1023446	Trust: 2.6
db:	USCERT	id:	TA10-013A	Trust: 2.6
db:	BID	id:	37758	Trust: 2.3
db:	OSVDB	id:	61690	Trust: 1.2
db:	SECUNIA	id:	38215	Trust: 1.2
db:	SECUNIA	id:	38138	Trust: 1.2
db:	SECUNIA	id:	37690	Trust: 0.9
db:	OSVDB	id:	60980	Trust: 0.8
db:	CERT/CC	id:	VU#508357	Trust: 0.8
db:	USCERT	id:	TA15-119A	Trust: 0.8
db:	USCERT	id:	SA10-013A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-001014	Trust: 0.8
db:	CNNVD	id:	CNNVD-201001-099	Trust: 0.7
db:	NSFOCUS	id:	14347	Trust: 0.6
db:	CERT/CC	id:	TA10-013A	Trust: 0.6
db:	SUSE	id:	SUSE-SA:2010:008	Trust: 0.6
db:	EXPLOIT-DB	id:	16622	Trust: 0.2
db:	PACKETSTORM	id:	93607	Trust: 0.2
db:	VULHUB	id:	VHN-41399	Trust: 0.1
db:	VULMON	id:	CVE-2009-3953	Trust: 0.1
db:	PACKETSTORM	id:	83870	Trust: 0.1

sources: CERT/CC: VU#508357 // VULHUB: VHN-41399 // VULMON: CVE-2009-3953 // BID: 37758 // JVNDB: JVNDB-2010-001014 // PACKETSTORM: 83870 // PACKETSTORM: 93607 // CNNVD: CNNVD-201001-099 // NVD: CVE-2009-3953

REFERENCES

url:	http://www.us-cert.gov/cas/techalerts/ta10-013a.html	Trust: 2.6
url:	http://www.securitytracker.com/id?1023446	Trust: 2.6
url:	http://www.vupen.com/english/advisories/2010/0103	Trust: 2.6
url:	http://www.adobe.com/support/security/bulletins/apsb10-02.html	Trust: 2.2
url:	http://www.securityfocus.com/bid/37758	Trust: 2.1
url:	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html	Trust: 1.8
url:	http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=554293	Trust: 1.2
url:	http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl	Trust: 1.2
url:	http://osvdb.org/61690	Trust: 1.2
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8242	Trust: 1.2
url:	http://www.redhat.com/support/errata/rhsa-2010-0060.html	Trust: 1.2
url:	http://secunia.com/advisories/38138	Trust: 1.2
url:	http://secunia.com/advisories/38215	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/55551	Trust: 1.2
url:	http://secunia.com/advisories/37690/	Trust: 0.9
url:	http://www.adobe.com/support/security/advisories/apsa09-07.html	Trust: 0.8
url:	http://kb2.adobe.com/cps/532/cpsid_53237.html	Trust: 0.8
url:	http://osvdb.org/show/osvdb/60980	Trust: 0.8
url:	http://www.symantec.com/connect/blogs/zero-day-xmas-present	Trust: 0.8
url:	http://voices.washingtonpost.com/securityfix/2009/12/hackers_target_unpatched_adobe.html	Trust: 0.8
url:	http://vrt-sourcefire.blogspot.com/2009/12/this-is-what-happens-when-you-try-to-do.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnta10-013a/	Trust: 0.8
url:	http://jvn.jp/ta/jvnta99041988/	Trust: 0.8
url:	http://jvn.jp/tr/jvntr-2010-03/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3953	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2010/at100003.txt	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/index.html#topics	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa10-013a.html	Trust: 0.8
url:	https://www.us-cert.gov/ncas/alerts/ta15-119a	Trust: 0.8
url:	https://cisa.gov/known-exploited-vulnerabilities-catalog	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20100113-adobe.html	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/14347	Trust: 0.6
url:	http://www.adobe.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2010:0037	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/16622/	Trust: 0.1
url:	https://www.rapid7.com/db/modules/exploit/windows/fileformat/adobe_u3d_meshdecl	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2203	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-4324	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2209	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0188	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0194	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0202	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0194	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0199	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-201009-05.xml	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2202	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2205	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2206	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0203	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0197	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2211	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1285	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2204	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0199	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0192	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0190	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0196	Trust: 0.1
url:	http://www.adobe.com/support/security/bulletins/apsb10-14.html	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3953	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4324	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0191	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0202	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0204	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0201	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2210	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0197	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0188	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0198	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0191	Trust: 0.1
url:	http://www.adobe.com/support/security/bulletins/apsb10-07.html	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1241	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1295	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0192	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://www.adobe.com/support/security/advisories/apsa10-01.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3953	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0203	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2208	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0190	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0193	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0198	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2207	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0195	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0204	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2168	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0201	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0196	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2201	Trust: 0.1
url:	http://www.adobe.com/support/security/bulletins/apsb10-09.html	Trust: 0.1
url:	http://www.adobe.com/support/security/bulletins/apsb10-16.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0193	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0186	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0195	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2212	Trust: 0.1

CREDITS

Parvez Anwar

Trust: 0.9

sources: BID: 37758 // CNNVD: CNNVD-201001-099

SOURCES

db:	CERT/CC	id:	VU#508357
db:	VULHUB	id:	VHN-41399
db:	VULMON	id:	CVE-2009-3953
db:	BID	id:	37758
db:	JVNDB	id:	JVNDB-2010-001014
db:	PACKETSTORM	id:	83870
db:	PACKETSTORM	id:	93607
db:	CNNVD	id:	CNNVD-201001-099
db:	NVD	id:	CVE-2009-3953

LAST UPDATE DATE

2024-11-23T20:50:52.987000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#508357	date:	2010-06-18T00:00:00
db:	VULHUB	id:	VHN-41399	date:	2018-10-30T00:00:00
db:	VULMON	id:	CVE-2009-3953	date:	2018-10-30T00:00:00
db:	BID	id:	37758	date:	2010-09-07T21:12:00
db:	JVNDB	id:	JVNDB-2010-001014	date:	2024-07-02T02:14:00
db:	CNNVD	id:	CNNVD-201001-099	date:	2011-07-13T00:00:00
db:	NVD	id:	CVE-2009-3953	date:	2024-11-21T01:08:35.723

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#508357	date:	2009-12-15T00:00:00
db:	VULHUB	id:	VHN-41399	date:	2010-01-13T00:00:00
db:	VULMON	id:	CVE-2009-3953	date:	2010-01-13T00:00:00
db:	BID	id:	37758	date:	2010-01-12T00:00:00
db:	JVNDB	id:	JVNDB-2010-001014	date:	2010-02-10T00:00:00
db:	PACKETSTORM	id:	83870	date:	2009-12-15T13:39:57
db:	PACKETSTORM	id:	93607	date:	2010-09-08T05:23:46
db:	CNNVD	id:	CNNVD-201001-099	date:	2010-01-13T00:00:00
db:	NVD	id:	CVE-2009-3953	date:	2010-01-13T19:30:00.343