CVE-2009-0219

EUVD-2009-0227
The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
research_in_motion_limitedblackberry_enterprise_server
4.1.3
research_in_motion_limitedblackberry_enterprise_server
4.1.4
research_in_motion_limitedblackberry_enterprise_server
4.1.5
research_in_motion_limitedblackberry_enterprise_server
4.1.6
research_in_motion_limitedblackberry_professional_software
4.1.4
research_in_motion_limitedblackberry_unite
𝑥
≤ 1.0.3
research_in_motion_limitedblackberry_unite
1.0
research_in_motion_limitedblackberry_unite
1.0.1
research_in_motion_limitedblackberry_unite
1.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
http://secunia.com/advisories/33534
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
http://www.securityfocus.com/bid/33250
http://www.securitytracker.com/id?1021559
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
http://secunia.com/advisories/33534
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
http://www.securityfocus.com/bid/33250
http://www.securitytracker.com/id?1021559