CVE-2009-0176

Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
research_in_motion_limitedblackberry_enterprise_server
4.1.3
research_in_motion_limitedblackberry_enterprise_server
4.1.4
research_in_motion_limitedblackberry_enterprise_server
4.1.5
research_in_motion_limitedblackberry_enterprise_server
4.1.6
research_in_motion_limitedblackberry_professional_software
4.1.4
research_in_motion_limitedblackberry_unite
𝑥
≤ 1.0.3
research_in_motion_limitedblackberry_unite
1.0
research_in_motion_limitedblackberry_unite
1.0.1
research_in_motion_limitedblackberry_unite
1.0.2
𝑥
= Vulnerable software versions