CVE-2009-0176

RIM BlackBerry Enterprise Server <4.1.6 - RCE

Title source: llm
STIX 2.1

Description

Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33224
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33534

Scores

EPSS 0.0555
EPSS Percentile 91.9%

Details

CWE
CWE-119
Status published
Products (9)
research_in_motion_limited/blackberry_enterprise_server 4.1.3
research_in_motion_limited/blackberry_enterprise_server 4.1.4
research_in_motion_limited/blackberry_enterprise_server 4.1.5
research_in_motion_limited/blackberry_enterprise_server 4.1.6
research_in_motion_limited/blackberry_professional_software 4.1.4
research_in_motion_limited/blackberry_unite 1.0
research_in_motion_limited/blackberry_unite 1.0.1
research_in_motion_limited/blackberry_unite 1.0.2
research_in_motion_limited/blackberry_unite < 1.0.3
Published Jan 20, 2009
Tracked Since Feb 18, 2026