Lucene search

[email protected]CVE-2010-2604

HistoryJan 13, 2011 - 1:00 a.m.

CVE-2010-2604

2011-01-1301:00:01

CWE-119

[email protected]

web.nvd.nist.gov

buffer overflow

pdf distiller

blackberry

attachment service

remote code execution

cve-2010-2604

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.096 Low

EPSS

Percentile

94.8%

JSON

Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.

Affected configurations

NVD

Node

rimblackberry_enterprise_serverMatch4.1.3

rimblackberry_enterprise_serverMatch4.1.4

rimblackberry_enterprise_serverMatch4.1.5

rimblackberry_enterprise_serverMatch4.1.6

rimblackberry_enterprise_serverMatch4.1.6mr4

rimblackberry_enterprise_serverMatch4.1.7

rimblackberry_enterprise_serverMatch5.0.0

rimblackberry_enterprise_serverMatch5.0.1

rimblackberry_enterprise_serverMatch5.0.2

Node

rimblackberry_enterprise_server_expressMatch5.0.1

rimblackberry_enterprise_server_expressMatch5.0.2

CPENameOperatorVersion
rim:blackberry_enterprise_serverrim blackberry enterprise servereq4.1.3
rim:blackberry_enterprise_serverrim blackberry enterprise servereq4.1.4
rim:blackberry_enterprise_serverrim blackberry enterprise servereq4.1.5
rim:blackberry_enterprise_serverrim blackberry enterprise servereq4.1.6
rim:blackberry_enterprise_serverrim blackberry enterprise servereq4.1.7
rim:blackberry_enterprise_serverrim blackberry enterprise servereq5.0.0
rim:blackberry_enterprise_serverrim blackberry enterprise servereq5.0.1
rim:blackberry_enterprise_serverrim blackberry enterprise servereq5.0.2

CPE	Name	Operator	Version
rim:blackberry_enterprise_server	rim blackberry enterprise server	eq	4.1.3
rim:blackberry_enterprise_server	rim blackberry enterprise server	eq	4.1.4
rim:blackberry_enterprise_server	rim blackberry enterprise server	eq	4.1.5
rim:blackberry_enterprise_server	rim blackberry enterprise server	eq	4.1.6
rim:blackberry_enterprise_server	rim blackberry enterprise server	eq	4.1.7
rim:blackberry_enterprise_server	rim blackberry enterprise server	eq	5.0.0
rim:blackberry_enterprise_server	rim blackberry enterprise server	eq	5.0.1
rim:blackberry_enterprise_server	rim blackberry enterprise server	eq	5.0.2

References

osvdb.org/70393

secunia.com/advisories/42882

www.blackberry.com/btsc/KB25382

www.securityfocus.com/bid/45753

www.securitytracker.com/id?1024953

www.vupen.com/english/advisories/2011/0081

exchange.xforce.ibmcloud.com/vulnerabilities/64621

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.096 Low

EPSS

Percentile

94.8%

JSON

Related for CVE-2010-2604

nessus1 nvd1 prion1 cvelist1