Vulnerability Details CVE-2009-0219
The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.043
EPSS Ranking 88.4%
CVSS Severity
CVSS v2 Score 9.3
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
- http://secunia.com/advisories/33534
- http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
- http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
- http://www.securityfocus.com/bid/33250
- http://www.securitytracker.com/id?1021559
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
- http://secunia.com/advisories/33534
- http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
- http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
- http://www.securityfocus.com/bid/33250
- http://www.securitytracker.com/id?1021559
Products affected by CVE-2009-0219
-
cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.3
-
cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.4
-
cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.5
-
cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.6
-
cpe:2.3:a:research_in_motion_limited:blackberry_professional_software:4.1.4
-
cpe:2.3:a:research_in_motion_limited:blackberry_unite:*
-
cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0
-
cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.1
-
cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.2