{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-12T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-01-29T10:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "33250", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33250"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118"}, {"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766"}, {"name": "1021559", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021559"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119"}, {"name": "33534", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33534"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0219", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "33250", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33250"}, {"name": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118"}, {"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766"}, {"name": "1021559", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021559"}, {"name": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119"}, {"name": "33534", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33534"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:24:18.429Z"}, "title": "CVE Program Container", "references": [{"name": "33250", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33250"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118"}, {"name": "20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766"}, {"name": "1021559", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021559"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119"}, {"name": "33534", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33534"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0219", "datePublished": "2009-01-21T01:00:00.000Z", "dateReserved": "2009-01-20T00:00:00.000Z", "dateUpdated": "2024-08-07T04:24:18.429Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4DDE9EAC-D9FF-47C2-A830-0316F74D822E", "vulnerable": true}, {"criteria": "cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F3B71789-C43D-4D75-9C49-71D9347EF321", "vulnerable": true}, {"criteria": "cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59C67945-B4C6-4159-8FF0-05227D46E282", "vulnerable": true}, {"criteria": "cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D2FE657D-6988-4A19-B0EC-8D9413AB7A5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:research_in_motion_limited:blackberry_professional_software:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E3AB6DC-0733-4683-B495-2FF85923ACB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:research_in_motion_limited:blackberry_unite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DC011EA-0F76-4554-B19D-3B93F7C1D774", "versionEndIncluding": "1.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D4FFD7E-241B-458A-AB88-C4C06E47C017", "vulnerable": true}, {"criteria": "cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3C6120B4-CEE1-412B-9EE3-9F2B0BE690A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A748FD0-2FED-4C8F-9693-ED16095E917A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file."}, {"lang": "es", "value": "El PDF distiller en el servicio Attachment en Research in Motion (RIM) BlackBerry Enterprise Server (BES) v4.1.3 hasta v4.1.6, BlackBerry Professional Software v4.1.4, y BlackBerry Unite! anteriores a v1.0.3 bundle 28 realiza operaciones de borrado en punteros sin inicializar, lo que permite a atacantes remotos ayudados por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una secuencia de datos manipulada en un fichero .pdf."}], "id": "CVE-2009-0219", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-01-21T01:30:00.343", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33534"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33250"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021559"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33534"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33250"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021559"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}