Vulnerabilities > CVE-2009-2646 - Unspecified vulnerability in RIM products

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

rim

critical

NVD

Published: 2009-07-30

Updated: 2009-08-06

Summary

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.

Vulnerable Configurations

Part	Description	Count
Application	Rim RIM Blackberry Enterprise Server 4.1 RIM Blackberry Enterprise Server 4.1.3 RIM Blackberry Enterprise Server 4.1.4 RIM Blackberry Enterprise Server 4.1.5 RIM Blackberry Enterprise Server 4.1.6 RIM Blackberry Professional Software 4.1.4	10

References

http://www.blackberry.com/btsc/KB17953