Jan 21, 2009 - 1:30 a.m.

CVE-2009-0219

2009-01-21 01:30:00
CWE-399
web.nvd.nist.gov
Tags: cve-2009-0219, pdf distiller, rim bes, bps, blackberry unite!, arbitrary code execution, remote attackers, data stream

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 7.4 High (Confidence: Low)

EPSS: 0.068 Low (Percentile: 93.9%)

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.

Affected configurations

NVD
Node (entries combined with OR)
Vendor                      Product                         Type   Version
research_in_motion_limited  blackberry_enterprise_server    Match  4.1.3
research_in_motion_limited  blackberry_enterprise_server    Match  4.1.4
research_in_motion_limited  blackberry_enterprise_server    Match  4.1.5
research_in_motion_limited  blackberry_enterprise_server    Match  4.1.6
research_in_motion_limited  blackberry_professional_software  Match  4.1.4
research_in_motion_limited  blackberry_unite                Range  1.0.3
research_in_motion_limited  blackberry_unite                Match  1.0
research_in_motion_limited  blackberry_unite                Match  1.0.1
research_in_motion_limited  blackberry_unite                Match  1.0.2
