CVE-2009-0219

Name of the Vulnerable Software and Affected Versions BlackBerry Enterprise Server versions 4.1.3 through 4.1.6 BlackBerry Professional Software version 4.1.4 BlackBerry Unite! versions prior to 1.0.3 bundle 28

Description The issue concerns the PDF distiller in the Attachment Service, which performs delete operations on uninitialized pointers. This allows remote attackers to execute arbitrary code via a crafted data stream in a .pdf file, but it requires user assistance.

Recommendations For BlackBerry Enterprise Server versions 4.1.3 through 4.1.6, update to a version outside of this range to resolve the issue. For BlackBerry Professional Software version 4.1.4, update to a version later than 4.1.4 to mitigate the risk. For BlackBerry Unite! versions prior to 1.0.3 bundle 28, update to version 1.0.3 bundle 28 or later to fix the problem.