Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2009-0219
Last Modified 05 Feb 2009 01:53:18
Published 20 Jan 2009 08:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0219

Summary

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.

Vulnerable Systems

Application

  • Research In Motion Limited Blackberry Enterprise Server 4.1.3

  • Research In Motion Limited Blackberry Enterprise Server 4.1.4

  • Research In Motion Limited Blackberry Enterprise Server 4.1.5

  • Research In Motion Limited Blackberry Enterprise Server 4.1.6

  • Research In Motion Limited Blackberry Professional Software 4.1.4

  • Research In Motion Limited Blackberry Unite 1.0

  • Research In Motion Limited Blackberry Unite 1.0.1

  • Research In Motion Limited Blackberry Unite 1.0.2

  • Research In Motion Limited Blackberry Unite 1.0.3


References

SECTRACK - 1021559

BID - 33250

CONFIRM - http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119

CONFIRM - http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118

SECUNIA - 33534

IDEFENSE - 20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability


Last Updated: 27 May 2016 10:50:10