CVE-2009-2643

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securitytracker.com/id?1022295
http://secunia.com/advisories/35254	Vendor Advisory
http://www.securityfocus.com/bid/35102
http://www.osvdb.org/54767
http://www.blackberry.com/btsc/KB18327	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1429	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/50755

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:::::::*
	cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:::::::*
	cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:mr4::::::
	cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:::::::*
	cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:::::::*
	cpe:2.3:a:rim:blackberry_professional_software:4.1.4:::::::*
	cpe:2.3:a:rim:blackberry_enterprise_server:5.0:::::::*

Information

Published : 2009-07-28 12:30

Updated : 2017-08-16 18:30

NVD link : CVE-2009-2643

Mitre link : CVE-2009-2643

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

rim

blackberry_enterprise_server
blackberry_professional_software

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securitytracker.com/id?1022295", "name": "1022295", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/35254", "name": "35254", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/35102", "name": "35102", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/54767", "name": "54767", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.blackberry.com/btsc/KB18327", "name": "http://www.blackberry.com/btsc/KB18327", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/1429", "name": "ADV-2009-1429", "tags": ["Patch", "Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50755", "name": "blackberry-pdf-code-execution(50755)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-2643", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2009-07-28T19:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:mr4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_professional_software:4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:30Z"}