Vulnerability Details : CVE-2009-0219
The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2009-0219
Probability of exploitation activity in the next 30 days: 6.76%
Percentile, the proportion of vulnerabilities that are scored at or less: ~93%
CVSS scores for CVE-2009-0219
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2009-0219
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0219
- http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119 (Vendor Advisory)
- http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118 (Vendor Advisory)
- http://www.securityfocus.com/bid/33250
- http://www.securitytracker.com/id?1021559
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
Products affected by CVE-2009-0219
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_professional_software:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:*:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.1:*:*:*:*:*:*:*