Detections
Analytics
BlackBerry Enterprise Server / Attachment Service PDF Distiller Buffer Overflow (KB25382)
high Nessus Plugin ID 51527
Language:
Synopsis
The remote Windows host has an application that is affected by a buffer overflow vulnerability.Description
The version of BlackBerry Enterprise Server installed on the remote host is reportedly affected by a buffer overflow vulnerability in the PDF distiller component of the BlackBerry Attachment Service. By sending a specially crafted PDF file and having it opened on a BlackBerry smartphone, an attacker may be able to execute arbitrary code on the system that runs the BlackBerry Attachment Service.Solution
Apply the vendor-supplied patches.See Also
https://salesforce.services.blackberry.com/kbredirect/viewContent.do?externalId=KB25382
Plugin Details
Severity: High
ID: 51527
File Name: blackberry_es_pdf_kb25382.nasl
Version: 1.11
Type: local
Agent: windows
Family: Windows
Published: 1/14/2011
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:rim:blackberry_enterprise_server
Required KB Items: SMB/Registry/Enumerated, BlackBerry_ES/Product, BlackBerry_ES/Path, BlackBerry_ES/Version, BlackBerry_ES/AttachmentServer
Exploit Ease: No known exploits are available
Patch Publication Date: 1/11/2011
Vulnerability Publication Date: 1/11/2011
Reference Information
CVE: CVE-2010-2604
BID: 45753
IAVA: 2011-A-0003
Secunia: 42882