CVE-2010-2604

Name of the Vulnerable Software and Affected Versions BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 BlackBerry Enterprise Server Express versions 5.0.1 through 5.0.2

Description The issue is related to multiple buffer overflows in the PDF Distiller component of the BlackBerry Attachment Service. This allows remote attackers to execute arbitrary code by sending a crafted PDF file.

Recommendations For BlackBerry Enterprise Server versions 4.1.3 through 5.0.2, update to a version that includes a fix for the buffer overflows in the PDF Distiller component. For BlackBerry Enterprise Server Express versions 5.0.1 through 5.0.2, update to a version that includes a fix for the buffer overflows in the PDF Distiller component. As a temporary workaround, consider restricting the handling of PDF files in the Attachment Service until a patch is available.