CVE-2008-3246: Code Injection
First published: Mon Jul 21 2008(Updated: )
Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BlackBerry Unite | =1.0-sp1 | |
| BlackBerry Enterprise Server | =4.1.4 | |
| BlackBerry Enterprise Server | ||
| BlackBerry Enterprise Server | =4.1.5 | |
| BlackBerry Enterprise Server | =4.1.5 | |
| BlackBerry Unite | =1.0.1 | |
| BlackBerry Enterprise Server | =4.1-sp3 | |
| BlackBerry Unite | =1.0.1 | |
| BlackBerry Enterprise Server | =4.1.4 | |
| BlackBerry Enterprise Server | ||
| BlackBerry Enterprise Server | =4.1.3 | |
| BlackBerry Enterprise Server | ||
| BlackBerry Unite | =1.0-sp1 | |
| BlackBerry Enterprise Server | =4.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/31092
- http://secunia.com/advisories/31141
- http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html
- http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html
- http://www.kb.cert.org/vuls/id/289235
- http://www.securitytracker.com/id?1020505
- http://www.vupen.com/english/advisories/2008/2108/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43840
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43843
Frequently Asked Questions
What is the severity of CVE-2008-3246?
CVE-2008-3246 is classified as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2008-3246?
To fix CVE-2008-3246, upgrade to the latest version of BlackBerry Unite or BlackBerry Enterprise Server that includes patches for this vulnerability.
Which software versions are affected by CVE-2008-3246?
CVE-2008-3246 affects BlackBerry Unite! 1.0 SP1 and BlackBerry Enterprise Server versions 4.1 SP3 to 4.1 SP5.
What type of attacks does CVE-2008-3246 enable?
CVE-2008-3246 enables user-assisted remote attackers to execute arbitrary code on affected systems.
Can CVE-2008-3246 be exploited without user interaction?
CVE-2008-3246 requires user interaction to exploit, making it a user-assisted attack vector.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/blackberry
- canonical/blackberry unite
- version/blackberry unite/1.0-sp1
- canonical/blackberry enterprise server
- version/blackberry enterprise server/4.1.4
- vendor/rim
- version/blackberry enterprise server/4.1.5
- version/blackberry unite/1.0.1
- version/blackberry enterprise server/4.1-sp3
- version/blackberry enterprise server/4.1.3