CVE-2009-0219

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
research_in_motion_limitedblackberry_enterprise_server
4.1.3
research_in_motion_limitedblackberry_enterprise_server
4.1.4
research_in_motion_limitedblackberry_enterprise_server
4.1.5
research_in_motion_limitedblackberry_enterprise_server
4.1.6
research_in_motion_limitedblackberry_professional_software
4.1.4
research_in_motion_limitedblackberry_unite
𝑥
≤ 1.0.3
research_in_motion_limitedblackberry_unite
1.0
research_in_motion_limitedblackberry_unite
1.0.1
research_in_motion_limitedblackberry_unite
1.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
http://secunia.com/advisories/33534
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
http://www.securityfocus.com/bid/33250
http://www.securitytracker.com/id?1021559
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
http://secunia.com/advisories/33534
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
http://www.securityfocus.com/bid/33250
http://www.securitytracker.com/id?1021559