CVE-2009-0176

Name of the Vulnerable Software and Affected Versions BlackBerry Enterprise Server versions 4.1.3 through 4.1.6 BlackBerry Professional Software version 4.1.4 BlackBerry Unite! versions prior to 1.0.3 bundle 28

Description The issue is related to multiple heap-based buffer overflows in the PDF distiller of the Attachment Service. This can be exploited by user-assisted remote attackers via crafted .pdf files, specifically through (1) a crafted stream related to symWidths or (2) a crafted data stream related to bitmaps, allowing the execution of arbitrary code.

Recommendations For BlackBerry Enterprise Server versions 4.1.3 through 4.1.6, update to a version outside of this range to resolve the issue. For BlackBerry Professional Software version 4.1.4, update to a version later than 4.1.4 to mitigate the risk. For BlackBerry Unite! versions prior to 1.0.3 bundle 28, update to version 1.0.3 bundle 28 or later to fix the issue.