BlackBerry Attachment Service PDF Distiller Uninitialized Heap Memory Code Execution Vulnerability

BlackBerry Attachment Service is prone to a remote code-execution vulnerability when handling specially crafted PDF files.

Attackers can leverage this issue to execute arbitrary machine code in the context of the vulnerable service, possibly with SYSTEM-level privileges. Successful exploits will compromise the server. Failed attacks will likely result in denial-of-service conditions.

NOTE: This issue was originally included in BID 33224 (BlackBerry Attachment Service PDF Distiller Remote Buffer Overflow Vulnerability), but has been given its own entry to better document the issue.

This issue affects the following:

BlackBerry Enterprise Server 4.1.3 through 4.1.6
BlackBerry Unite! prior to 1.0 SP3 bundle 28
BlackBerry Professional Software 4.1.4


 

Privacy Statement
Copyright 2010, SecurityFocus