CVE-2009-0219 | Vulnerability Database | Aqua Security

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.

Affected Software

Name	Vendor	Start Version	End Version
Blackberry_enterprise_server	Research_in_motion_limited	4.1.3 (including)	4.1.3 (including)
Blackberry_enterprise_server	Research_in_motion_limited	4.1.4 (including)	4.1.4 (including)
Blackberry_enterprise_server	Research_in_motion_limited	4.1.5 (including)	4.1.5 (including)
Blackberry_enterprise_server	Research_in_motion_limited	4.1.6 (including)	4.1.6 (including)
Blackberry_professional_software	Research_in_motion_limited	4.1.4 (including)	4.1.4 (including)
Blackberry_unite	Research_in_motion_limited	*	1.0.3 (including)
Blackberry_unite	Research_in_motion_limited	1.0 (including)	1.0 (including)
Blackberry_unite	Research_in_motion_limited	1.0.1 (including)	1.0.1 (including)
Blackberry_unite	Research_in_motion_limited	1.0.2 (including)	1.0.2 (including)

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
http://secunia.com/advisories/33534
http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118
http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119
http://www.securityfocus.com/bid/33250
http://www.securitytracker.com/id?1021559

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-0219
CWE	https://cwe.mitre.org/data/definitions/399.html