Vulnerability Name:

CVE-2009-0219 (CCN-47933)

Assigned: 2009-01-12
Published: 2009-01-12
Updated: 2009-02-05
Summary: The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-399
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2009-0219

Source: IDEFENSE
Type: UNKNOWN
20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability

Source: CCN
Type: SA33534
BlackBerry Products PDF Distiller Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
33534

Source: CCN
Type: SECTRACK ID: 1021559
BlackBerry Enterprise Server Bug in BlackBerry Attachment Service PDF Distiller Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: BlackBerry Security Advisory KB17118
Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server

Source: CONFIRM
Type: Vendor Advisory
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118

Source: CCN
Type: BlackBerry Security Advisory KB17119
Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for BlackBerry Unite

Source: CONFIRM
Type: Vendor Advisory
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119

Source: BID
Type: UNKNOWN
33250

Source: CCN
Type: BID-33250
BlackBerry Attachment Service PDF Distiller Uninitialized Heap Memory Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021559

Source: XF
Type: UNKNOWN
blackberry-attachment-uninit-code-execution(47933)

Source: CCN
Type: iDefense PUBLIC ADVISORY: 01.13.09
RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:research_in_motion_limited:blackberry_professional_software:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:research_in_motion_limited:blackberry_unite:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:research_in_motion_limited:blackberry_unite:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:research_in_motion_limited:blackberry_unite:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:research_in_motion_limited:blackberry_unite:*:*:*:*:*:*:*:* (Version <= 1.0.3)

Configuration CCN 1:
  • cpe:/a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:rim:blackberry_professional_software:4.1.4:*:*:*:*:*:*:*
