CyberSec.Space Logo
Back to CVE Browser

CVE-2009-0176

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile28.15th
PublishedJan 20, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."

Affected Platforms (CPE)

πŸ“¦
Research In Motion Limited

Blackberry Enterprise Server

= 4.1.3
πŸ“¦
Research In Motion Limited

Blackberry Enterprise Server

= 4.1.4
πŸ“¦
Research In Motion Limited

Blackberry Enterprise Server

= 4.1.5
πŸ“¦
Research In Motion Limited

Blackberry Enterprise Server

= 4.1.6
πŸ“¦
Research In Motion Limited

Blackberry Professional Software

= 4.1.4
πŸ“¦
Research In Motion Limited

Blackberry Unite

<= 1.0.3
πŸ“¦
Research In Motion Limited

Blackberry Unite

= 1.0
πŸ“¦
Research In Motion Limited

Blackberry Unite

= 1.0.1
πŸ“¦
Research In Motion Limited

Blackberry Unite

= 1.0.2

References & Advisories

πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764
πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765
πŸ”— http://secunia.com/advisories/33534
πŸ”— http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
πŸ”— http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
πŸ”— http://www.securityfocus.com/bid/33224
πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764
πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765

Related Vulnerabilities

CVE-2007-348310.0

Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary...

CVE-2008-32469.3

Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1)...

CVE-2009-02199.3

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, Bl...

CVE-2009-26439.3

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBer...