CVE-2009-0219 : The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.

Published 2009-01-21 01:30:00

Updated 2009-02-05 06:53:18

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2009-0219

Probability of exploitation activity in the next 30 days: 6.76%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-0219

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-0219

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-0219

Products affected by CVE-2009-0219

Research In Motion Limited » Blackberry Enterprise Server » Version: 4.1.3
cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*
Matching versions
Research In Motion Limited » Blackberry Enterprise Server » Version: 4.1.5
cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*
Matching versions
Research In Motion Limited » Blackberry Enterprise Server » Version: 4.1.6
cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*
Matching versions
Research In Motion Limited » Blackberry Enterprise Server » Version: 4.1.4
cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*
Matching versions
Research In Motion Limited » Blackberry Professional Software » Version: 4.1.4
cpe:2.3:a:research_in_motion_limited:blackberry_professional_software:4.1.4:*:*:*:*:*:*:*
Matching versions
Research In Motion Limited » Blackberry Unite
Versions up to, including, (<=) 1.0.3
cpe:2.3:a:research_in_motion_limited:blackberry_unite:*:*:*:*:*:*:*:*
Matching versions
Research In Motion Limited » Blackberry Unite » Version: 1.0.2
cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.2:*:*:*:*:*:*:*
Matching versions
Research In Motion Limited » Blackberry Unite » Version: 1.0
cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0:*:*:*:*:*:*:*
Matching versions
Research In Motion Limited » Blackberry Unite » Version: 1.0.1
cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2009-0219

Exploit prediction scoring system (EPSS) score for CVE-2009-0219

CVSS scores for CVE-2009-0219

CWE ids for CVE-2009-0219

References for CVE-2009-0219

Products affected by CVE-2009-0219