CERTA-2009-AVI-532

Vulnerability from certfr_avis - Published: 2009-12-04 - Updated: 2009-12-04

Multiple vulnerabilities in the PDF Distiller component of the BlackBerry Attachment Service, allowing remote arbitrary code execution, have been fixed.

Description

When a BlackBerry user opens or views a PDF file, the file is first processed by the PDF Distiller component, which runs on the BlackBerry Enterprise Server. This module contains several vulnerabilities that allow a remote attacker to execute arbitrary code on the server by means of a specially crafted PDF file. Note that the code executes on the server hosting the Attachment Service, not on the handset: the attacker only needs the crafted PDF to be delivered to a user and opened or viewed from the device.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the References section).

Impacted products

  • BlackBerry Professional 4.1.4
  • BlackBerry Enterprise Server 5.0.0 on Microsoft Windows 2000, 2003 or 2008
  • BlackBerry Enterprise Server 4.1.3 to 4.1.7
References

  • BlackBerry security bulletin KB19860 of 1 December 2009: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19860

Source record (as published by CERT-FR):

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BlackBerry Professional 4.1.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server 5.0.0 sur Microsoft Windows 2000,2003 ou 2008 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server 4.1.3 \u00e0 4.1.7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLorsqu\u0027un utilisateur de BlackBerry ouvre ou visualise un fichier au\nformat PDF, ce dernier est pr\u00e9-trait\u00e9 par le composant PDF Distiller\nsitu\u00e9 sur le serveur BlackBerry Enterprise. Ce module souffrant de\nplusieurs vuln\u00e9rabilt\u00e9s, il permet \u00e0 un utilisateur malintentionn\u00e9\ndistant d\u0027ex\u00e9cuter du code arbitraire sur le serveur au moyen d\u0027un\nfichier PDF sp\u00e9cialement r\u00e9alis\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2009-12-04T00:00:00",
  "last_revision_date": "2009-12-04T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-532",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-12-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance et concernant le composant PDF distiller du BlackBerry\nattachement Service ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans BlackBerry Attachement Service",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 BlackBerry KB19860 du 01 d\u00e9cembre 2009",
      "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB19860"
    }
  ]
}

