CVE-2009-4778

21.04.2010, 14:30

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:C/I:C/A:C
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Vendor	Product	Version
rim	blackberry_enterprise_server	4.1.3
rim	blackberry_enterprise_server	4.1.4
rim	blackberry_enterprise_server	4.1.5
rim	blackberry_enterprise_server	4.1.6
rim	blackberry_enterprise_server	4.1.7
rim	blackberry_enterprise_server	5.0.0
rim	blackberry_professional_software	4.1.4

𝑥

= Vulnerable software versions

References

http://secunia.com/advisories/37562

http://www.blackberry.com/btsc/KB19860

http://www.securityfocus.com/bid/37167

http://www.securitytracker.com/id?1023258

http://www.vupen.com/english/advisories/2009/3372

http://secunia.com/advisories/37562

http://www.blackberry.com/btsc/KB19860

http://www.securityfocus.com/bid/37167

http://www.securitytracker.com/id?1023258

http://www.vupen.com/english/advisories/2009/3372