Vulnerability CVE-2008-3246


Published: 2008-07-21   Modified: 2012-02-12

Description:
Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
RIM -> Blackberry enterprise server 
RIM -> Blackberry enterprise server for domino 
RIM -> Blackberry enterprise server for exchange 
RIM -> Blackberry enterprise server for novell groupwise 
RIM -> Blackberry unite 
Blackberry -> Enterprise server 
Blackberry -> Unite 

 References:
http://www.kb.cert.org/vuls/id/289235
http://xforce.iss.net/xforce/xfdb/43843
http://xforce.iss.net/xforce/xfdb/43840
http://www.vupen.com/english/advisories/2008/2108/references
http://www.securitytracker.com/id?1020505
http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html
http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html
http://secunia.com/advisories/31141
http://secunia.com/advisories/31092

Copyright 2024, cxsecurity.com

 

Back to Top