CVE-2009-0306

2009-11-0415:30:00

CWE-119

mitre

web.nvd.nist.gov

cve

2009-0306

buffer overflow

ibm

lotus notes

intellisync

activex control

lnresobject.dll

blackberry desktop manager

rim

blackberry desktop software

remote code execution

web page

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.02

Percentile

89.1%

JSON

Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

rimblackberry_desktop_softwareRange≤5.0

AND

ibmlotus_notes_intellisync

VendorProductVersionCPE
rimblackberry_desktop_software*cpe:2.3:a:rim:blackberry_desktop_software:*:*:*:*:*:*:*:*
ibmlotus_notes_intellisync*cpe:2.3:a:ibm:lotus_notes_intellisync:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rim	blackberry_desktop_software	*	cpe:2.3:a:rim:blackberry_desktop_software::::::::
ibm	lotus_notes_intellisync	*	cpe:2.3:a:ibm:lotus_notes_intellisync::::::::