Executive Summary
Summary | |
---|---|
Title | BlackBerry Attachment Service PDF distiller vulnerable to arbitrary code execution |
Informations | |||
---|---|---|---|
Name | VU#289235 | First vendor Publication | 2008-07-18 |
Vendor | VU-CERT | Last vendor Modification | 2008-07-18 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#289235BlackBerry Attachment Service PDF distiller vulnerable to arbitrary code executionOverviewThe PDF Distiller service that is provided with BlackBerry Enterprise Server contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionThe BlackBerry Attachment Service is a component of the BlackBerry Enterprise Server (BES) and BlackBerry Unite!. The BlackBerry Attachment Service renders certain types of files sent as email attachments for display on BlackBerry Handhelds and other BlackBerry client devices. An unspecified vulnerability in the PDF distiller component of the BlackBerry Attachment Service may allow arbitrary code execution on the system that runs the vulnerable service.II. ImpactBy convincing a user to open a specially-crafted PDF attachment on a BlackBerry smartphone, a remote, unauthenticated attacker may be able to execute arbitrary code on the system that runs the BlackBerry Attachment Service.III. SolutionApply an updateThis issue is addressed in BlackBerry Enterprise Server 4.1 Service Pack 6 (4.1.6). Please see BlackBerry document KB15766 for more details.
References
This issue was reported by Research In Motion. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/289235 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 | |
Application | 2 | |
Application | 3 | |
Application | 1 | |
Application | 1 | |
Application | 1 | |
Application | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47296 | BlackBerry Multiple Products PDF Distiller Component PDF Processing Arbitrary... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-07-21 | Name : The remote Windows host has an application that is affected by a code executi... File : blackberry_es_pdf_vuln.nasl - Type : ACT_GATHER_INFO |