CVE-2009-2643

high

Description

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50755

http://www.vupen.com/english/advisories/2009/1429

http://www.securitytracker.com/id?1022295

http://www.securityfocus.com/bid/35102

http://www.osvdb.org/54767

http://www.blackberry.com/btsc/KB18327

http://secunia.com/advisories/35254

Details

Source: Mitre, NVD

Published: 2009-07-28

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High