CVE-2008-3246

Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html
http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html
http://www.kb.cert.org/vuls/id/289235	US Government Resource
http://www.securitytracker.com/id?1020505
http://secunia.com/advisories/31092	Vendor Advisory
http://secunia.com/advisories/31141
http://www.vupen.com/english/advisories/2008/2108/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43843
https://exchange.xforce.ibmcloud.com/vulnerabilities/43840

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:::::::*
	cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:::::::*
	cpe:2.3:a:blackberry:enterprise_server:4.1.5:::::::*
	cpe:2.3:a:blackberry:enterprise_server:4.1:sp3::::::
	cpe:2.3:a:rim:blackberry_enterprise_server_for_exchange::::::::
	cpe:2.3:a:rim:blackberry_enterprise_server_for_novell_groupwise::::::::
	cpe:2.3:a:rim:blackberry_unite:1.0.1:::::::*
	cpe:2.3:a:blackberry:unite:1.0.1:::::::*
	cpe:2.3:a:blackberry:unite:1.0:sp1::::::
	cpe:2.3:a:rim:blackberry_unite:1.0:sp1::::::
	cpe:2.3:a:blackberry:enterprise_server:4.1.3:::::::*
	cpe:2.3:a:blackberry:enterprise_server:4.1.4:::::::*
	cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:::::::*
	cpe:2.3:a:rim:blackberry_enterprise_server_for_domino::::::::

Information

Published : 2008-07-21 09:41

Updated : 2017-08-07 18:31

NVD link : CVE-2008-3246

Mitre link : CVE-2008-3246

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

NVD-CWE-noinfo

Products Affected

rim

blackberry_enterprise_server_for_exchange
blackberry_enterprise_server_for_novell_groupwise
blackberry_enterprise_server_for_domino
blackberry_enterprise_server
blackberry_unite

blackberry

enterprise_server
unite

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html", "name": "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html", "name": "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/289235", "name": "VU#289235", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securitytracker.com/id?1020505", "name": "1020505", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/31092", "name": "31092", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31141", "name": "31141", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2008/2108/references", "name": "ADV-2008-2108", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43843", "name": "blackberry-unite-pdf-code-execution(43843)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43840", "name": "blackberry-es-pdf-code-execution(43840)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-3246", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-07-21T16:41Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:blackberry:enterprise_server:4.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:blackberry:enterprise_server:4.1:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server_for_exchange:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server_for_novell_groupwise:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_unite:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:blackberry:unite:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:blackberry:unite:1.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_unite:1.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:blackberry:enterprise_server:4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:blackberry:enterprise_server:4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server_for_domino:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:31Z"}

9.3 /10