ID CVE-2009-4778
Summary Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646.
Per http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19860: 'These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server, could cause memory corruption and possibly lead to a Denial of Service (DoS) condition or arbitrary code execution on the computer that hosts the BlackBerry Attachment Service component of that BlackBerry Enterprise Server.'
References
Vulnerable Configurations
  • cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rim:blackberry_enterprise_server:4.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rim:blackberry_enterprise_server:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rim:blackberry_professional_software:4.1.4:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 22-04-2010 - 04:00)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 37167
confirm http://www.blackberry.com/btsc/KB19860
sectrack 1023258
secunia 37562
vupen ADV-2009-3372
Last major update 22-04-2010 - 04:00
Published 21-04-2010 - 14:30
Last modified 22-04-2010 - 04:00