CVE Vulnerabilities

CVE-2009-0219

Published: Jan 21, 2009 | Modified: Feb 05, 2009
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.

Affected Software

Name Vendor Start Version End Version
Blackberry_enterprise_server Research_in_motion_limited 4.1.3 4.1.3
Blackberry_enterprise_server Research_in_motion_limited 4.1.4 4.1.4
Blackberry_enterprise_server Research_in_motion_limited 4.1.5 4.1.5
Blackberry_enterprise_server Research_in_motion_limited 4.1.6 4.1.6
Blackberry_professional_software Research_in_motion_limited 4.1.4 4.1.4
Blackberry_unite Research_in_motion_limited 1.0 1.0
Blackberry_unite Research_in_motion_limited 1.0.1 1.0.1
Blackberry_unite Research_in_motion_limited 1.0.2 1.0.2
Blackberry_unite Research_in_motion_limited * 1.0.3

References