CVE-2009-0219

Sažetak

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
http://secunia.com/advisories/33534
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
http://www.securityfocus.com/bid/33250
http://www.securitytracker.com/id?1021559

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

05-02-2009 - 06:53

Objavljeno

21-01-2009 - 01:30