Critical

CVE-2009-0219 - Resource Management Errors vulnerability in Research In Motion Limited BlackBerry Enterprise Server/Professional Software/Unite

Publication: 2009-01-21

Summary

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.

Classification
CWE-399: Resource Management Errors

Risk level (CVSS 9.3)

Critical

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Research In Motion Limited BlackBerry Unite 1.0
  • Research In Motion Limited BlackBerry Unite 1.0.1
  • Research In Motion Limited BlackBerry Unite 1.0.2
  • Research In Motion Limited BlackBerry Unite 1.0.3
  • Research In Motion Limited BlackBerry Enterprise Server 4.1.3
  • Research In Motion Limited BlackBerry Enterprise Server 4.1.4
  • Research In Motion Limited BlackBerry Professional Software 4.1.4
  • Research In Motion Limited BlackBerry Enterprise Server 4.1.5
  • Research In Motion Limited BlackBerry Enterprise Server 4.1.6