CVE-2010-2601: Buffer Overflow
First published: Thu Oct 14 2010(Updated: )
Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BlackBerry Enterprise Server | =3.6 | |
| BlackBerry Enterprise Server | =5.0.2 | |
| BlackBerry Enterprise Server | =2.2 | |
| BlackBerry Enterprise Server | =4.0.3 | |
| BlackBerry Enterprise Server | =4.1.6-mr4 | |
| BlackBerry Enterprise Server | =4.1.5 | |
| BlackBerry Enterprise Server | =4.1 | |
| BlackBerry Enterprise Server | <=4.1.7 | |
| BlackBerry Enterprise Server | =4.1.4 | |
| BlackBerry Enterprise Server | =3.6.1 | |
| BlackBerry Enterprise Server | =4.0-sp3 | |
| BlackBerry Enterprise Server | =5.0.0 | |
| BlackBerry Enterprise Server | =4.1.6 | |
| BlackBerry Enterprise Server | =4.1.3 | |
| Blackberry Professional Software | <=4.1.4 | |
| BlackBerry Enterprise Server | =4.0 | |
| BlackBerry Enterprise Server | =5.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-2601?
CVE-2010-2601 has a high severity rating due to the potential for remote code execution and denial of service.
How do I fix CVE-2010-2601?
To fix CVE-2010-2601, users should upgrade to the latest version of the BlackBerry Enterprise Server or BlackBerry Professional Software that addresses the vulnerability.
What systems are affected by CVE-2010-2601?
CVE-2010-2601 affects multiple versions of BlackBerry Enterprise Server 3.6 up to 5.0.2 and BlackBerry Professional Software 4.1.4 and earlier.
What type of vulnerability is CVE-2010-2601?
CVE-2010-2601 is classified as a buffer overflow vulnerability that occurs in the PDF distiller of the BlackBerry services.
Can CVE-2010-2601 be exploited remotely?
Yes, CVE-2010-2601 can be exploited remotely by user-assisted attackers to cause potential harm to the affected system.
- agent/type
- agent/author
- agent/severity
- agent/remedy
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/rim
- canonical/blackberry enterprise server
- version/blackberry enterprise server/3.6
- version/blackberry enterprise server/5.0.2
- version/blackberry enterprise server/2.2
- version/blackberry enterprise server/4.0.3
- version/blackberry enterprise server/4.1.6-mr4
- version/blackberry enterprise server/4.1.5
- version/blackberry enterprise server/4.1
- version/blackberry enterprise server/4.1.7
- version/blackberry enterprise server/4.1.4
- version/blackberry enterprise server/3.6.1
- version/blackberry enterprise server/4.0-sp3
- version/blackberry enterprise server/5.0.0
- version/blackberry enterprise server/4.1.6
- version/blackberry enterprise server/4.1.3
- canonical/blackberry professional software
- version/blackberry professional software/4.1.4
- version/blackberry enterprise server/4.0
- version/blackberry enterprise server/5.0.1