Description
Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."
References (6)
Core 6
Core References
Vendor Advisory x_refsource_confirm
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33224
Vendor Advisory x_refsource_confirm
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33534
Scores
EPSS
0.0555
EPSS Percentile
91.9%
Details
CWE
CWE-119
Status
published
Products (9)
research_in_motion_limited/blackberry_enterprise_server
4.1.3
research_in_motion_limited/blackberry_enterprise_server
4.1.4
research_in_motion_limited/blackberry_enterprise_server
4.1.5
research_in_motion_limited/blackberry_enterprise_server
4.1.6
research_in_motion_limited/blackberry_professional_software
4.1.4
research_in_motion_limited/blackberry_unite
1.0
research_in_motion_limited/blackberry_unite
1.0.1
research_in_motion_limited/blackberry_unite
1.0.2
research_in_motion_limited/blackberry_unite
< 1.0.3
Published
Jan 20, 2009
Tracked Since
Feb 18, 2026