CVE-2010-2602

Name of the Vulnerable Software and Affected Versions BlackBerry Enterprise Server versions 4.1.6 through 4.1.7 BlackBerry Enterprise Server versions 5.0.0 through 5.0.2

Description The issue is related to multiple buffer overflows in the PDF distiller component of the BlackBerry Attachment Service. This can be exploited by remote attackers using a crafted PDF document, potentially leading to a denial of service (crash) and possibly the execution of arbitrary code.

Recommendations For versions 4.1.6 and 4.1.7, update to a version that fixes the buffer overflows in the PDF distiller component. For versions 5.0.0 through 5.0.2, update to a version that fixes the buffer overflows in the PDF distiller component. As a temporary workaround, consider restricting the handling of PDF documents by the BlackBerry Attachment Service until a patch is available.