Vulnerability Details: CVE-2010-2604
Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2010-2604
Probability of exploitation activity in the next 30 days: 9.62%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 %
CVSS scores for CVE-2010-2604
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2010-2604
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2604
- http://www.securityfocus.com/bid/45753
  BlackBerry Attachment Service PDF Distiller (CVE-2010-2604) Remote Buffer Overflow Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64621
  BlackBerry Enterprise Server PDF distiller buffer overflow CVE-2010-2604 Vulnerability Report
- http://www.blackberry.com/btsc/KB25382
  Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0081
  Vendor Advisory
- http://www.securitytracker.com/id?1024953
  BlackBerry Enterprise Server Buffer Overflow in Attachment Service PDF Distiller Lets Remote Users Execute Arbitrary Code - SecurityTracker
Products affected by CVE-2010-2604
- cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:mr4:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_enterprise_server:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_enterprise_server:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_enterprise_server:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_enterprise_server:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.2:*:*:*:*:*:*:*