Search
Find a vulnerability
Search criteria
4 vulnerabilities found for blackberry_unite by research_in_motion_limited
CVE-2009-0219 (GCVE-0-2009-0219)
Vulnerability from nvd – Published: 2009-01-21 01:00 – Updated: 2024-08-07 04:24
VLAI
Summary
The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/33250 | vdb-entryx_refsource_BID |
| http://www.blackberry.com/btsc/search.do?cmd=disp… | x_refsource_CONFIRM |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.securitytracker.com/id?1021559 | vdb-entryx_refsource_SECTRACK |
| http://www.blackberry.com/btsc/search.do?cmd=disp… | x_refsource_CONFIRM |
| http://secunia.com/advisories/33534 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-01-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33250"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766"
},
{
"name": "1021559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021559"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "33534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-29T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33250"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766"
},
{
"name": "1021559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021559"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "33534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33250"
},
{
"name": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766"
},
{
"name": "1021559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021559"
},
{
"name": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "33534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0219",
"datePublished": "2009-01-21T01:00:00.000Z",
"dateReserved": "2009-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:24:18.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0176 (GCVE-0-2009-0176)
Vulnerability from nvd – Published: 2009-01-20 15:26 – Updated: 2024-09-17 02:31
VLAI
Summary
Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.blackberry.com/btsc/search.do?cmd=disp… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/33224 | vdb-entryx_refsource_BID |
| http://www.blackberry.com/btsc/search.do?cmd=disp… | x_refsource_CONFIRM |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://secunia.com/advisories/33534 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "33224",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027bitmaps\u0027 Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027symWidths\u0027 Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764"
},
{
"name": "33534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to \"symWidths\"; or (2) a crafted data stream in a .pdf file, related to \"bitmaps.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-20T15:26:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "33224",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027bitmaps\u0027 Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027symWidths\u0027 Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764"
},
{
"name": "33534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to \"symWidths\"; or (2) a crafted data stream in a .pdf file, related to \"bitmaps.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "33224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33224"
},
{
"name": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027bitmaps\u0027 Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027symWidths\u0027 Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764"
},
{
"name": "33534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0176",
"datePublished": "2009-01-20T15:26:00.000Z",
"dateReserved": "2009-01-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:04.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0219 (GCVE-0-2009-0219)
Vulnerability from cvelistv5 – Published: 2009-01-21 01:00 – Updated: 2024-08-07 04:24
VLAI
Summary
The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/33250 | vdb-entryx_refsource_BID |
| http://www.blackberry.com/btsc/search.do?cmd=disp… | x_refsource_CONFIRM |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.securitytracker.com/id?1021559 | vdb-entryx_refsource_SECTRACK |
| http://www.blackberry.com/btsc/search.do?cmd=disp… | x_refsource_CONFIRM |
| http://secunia.com/advisories/33534 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-01-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33250"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766"
},
{
"name": "1021559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021559"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "33534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-29T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33250"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766"
},
{
"name": "1021559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021559"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "33534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33250"
},
{
"name": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766"
},
{
"name": "1021559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021559"
},
{
"name": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "33534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0219",
"datePublished": "2009-01-21T01:00:00.000Z",
"dateReserved": "2009-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:24:18.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0176 (GCVE-0-2009-0176)
Vulnerability from cvelistv5 – Published: 2009-01-20 15:26 – Updated: 2024-09-17 02:31
VLAI
Summary
Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.blackberry.com/btsc/search.do?cmd=disp… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/33224 | vdb-entryx_refsource_BID |
| http://www.blackberry.com/btsc/search.do?cmd=disp… | x_refsource_CONFIRM |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://secunia.com/advisories/33534 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "33224",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027bitmaps\u0027 Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027symWidths\u0027 Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764"
},
{
"name": "33534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to \"symWidths\"; or (2) a crafted data stream in a .pdf file, related to \"bitmaps.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-20T15:26:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "33224",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027bitmaps\u0027 Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027symWidths\u0027 Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764"
},
{
"name": "33534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to \"symWidths\"; or (2) a crafted data stream in a .pdf file, related to \"bitmaps.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17118"
},
{
"name": "33224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33224"
},
{
"name": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB17119"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027bitmaps\u0027 Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765"
},
{
"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller \u0027symWidths\u0027 Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764"
},
{
"name": "33534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0176",
"datePublished": "2009-01-20T15:26:00.000Z",
"dateReserved": "2009-01-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:04.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}