Vulnerability Name: | CVE-2009-4778 (CCN-54503)
Assigned: | 2009-12-01
Published: | 2009-12-01
Updated: | 2010-04-22
Summary: | Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646. Per: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19860 'These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server, could cause memory corruption and possibly lead to a Denial of Service (DoS) condition or arbitrary code execution on the computer that hosts the BlackBerry Attachment Service component of that BlackBerry Enterprise Server.'
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-noinfo
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2009-4778
Source: CCN Type: SA37562 BlackBerry Products PDF Distiller Unspecified Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 37562
Source: CCN Type: SECTRACK ID: 1023258 BlackBerry Enterprise Server PDF Distiller Flaws Let Remote Users Execute Arbitrary Code
Source: CONFIRM Type: Patch, Vendor Advisory http://www.blackberry.com/btsc/KB19860
Source: CCN Type: BlackBerry Security Advisory KB19860 Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server
Source: BID Type: UNKNOWN 37167
Source: CCN Type: BID-37167 BlackBerry Attachment Service PDF Distiller Multiple Remote Code Execution Vulnerabilities
Source: SECTRACK Type: UNKNOWN 1023258
Source: VUPEN Type: Patch, Vendor Advisory ADV-2009-3372
Source: XF Type: UNKNOWN bes-pdf-code-execution(54503)
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: