Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2009-0176
Last Modified: 18 May 2009 12:00:00
Published: 20 Jan 2009 11:00:09
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-0176

Summary

Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."

Vulnerable Systems

Application

  • Research In Motion Limited Blackberry Enterprise Server 4.1.3

  • Research In Motion Limited Blackberry Enterprise Server 4.1.4

  • Research In Motion Limited Blackberry Enterprise Server 4.1.5

  • Research In Motion Limited Blackberry Enterprise Server 4.1.6

  • Research In Motion Limited Blackberry Professional Software 4.1.4

  • Research In Motion Limited Blackberry Unite 1.0

  • Research In Motion Limited Blackberry Unite 1.0.1

  • Research In Motion Limited Blackberry Unite 1.0.2

  • Research In Motion Limited Blackberry Unite 1.0.3


References

BID - 33224

CONFIRM - http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119

CONFIRM - http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118

SECUNIA - 33534

IDEFENSE - 20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'bitmaps' Heap Overflow Vulnerability

IDEFENSE - 20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'symWidths' Heap Overflow Vulnerability


Last Updated: 27 May 2016 10:50:08