CVE-2009-0219
First published: Wed Jan 21 2009(Updated: )
The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BlackBerry Enterprise Server | =4.1.3 | |
| BlackBerry Unite | =1.0 | |
| BlackBerry Unite | =1.0.2 | |
| BlackBerry Unite | <=1.0.3 | |
| BlackBerry Unite | =1.0.1 | |
| BlackBerry Enterprise Server | =4.1.4 | |
| BlackBerry Enterprise Server | =4.1.6 | |
| BlackBerry Enterprise Server | =4.1.5 | |
| Blackberry Professional Software | =4.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
- http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
- http://secunia.com/advisories/33534
- http://www.securityfocus.com/bid/33250
- http://www.securitytracker.com/id?1021559
Frequently Asked Questions
What is the severity of CVE-2009-0219?
CVE-2009-0219 has a medium severity rating due to its potential for exploitation through user-assisted remote code execution.
How do I fix CVE-2009-0219?
To fix CVE-2009-0219, upgrade to a patched version of BlackBerry Enterprise Server or BlackBerry Unite that addresses the vulnerability.
Which versions are affected by CVE-2009-0219?
CVE-2009-0219 affects BlackBerry Enterprise Server versions 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite versions before 1.0.3 bundle 28.
What impact can CVE-2009-0219 have on my system?
Exploitation of CVE-2009-0219 can lead to unauthorized remote code execution on affected systems.
Is user interaction required for the exploitation of CVE-2009-0219?
Yes, CVE-2009-0219 requires user interaction to exploit the vulnerability.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/research in motion limited
- canonical/blackberry enterprise server
- version/blackberry enterprise server/4.1.3
- canonical/blackberry unite
- version/blackberry unite/1.0
- version/blackberry unite/1.0.2
- version/blackberry unite/1.0.3
- version/blackberry unite/1.0.1
- version/blackberry enterprise server/4.1.4
- version/blackberry enterprise server/4.1.6
- version/blackberry enterprise server/4.1.5
- canonical/blackberry professional software
- version/blackberry professional software/4.1.4