Unrated severityNVD Advisory· Published Jan 20, 2009· Updated Apr 23, 2026
CVE-2009-0176
CVE-2009-0176
Description
Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."
Affected products
9cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_professional_software:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:research_in_motion_limited:blackberry_unite:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:*:*:*:*:*:*:*:*range: <=1.0.3
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- secunia.com/advisories/33534nvdVendor Advisory
- www.blackberry.com/btsc/search.donvdVendor Advisory
- www.blackberry.com/btsc/search.donvdVendor Advisory
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
- www.securityfocus.com/bid/33224nvd
News mentions
0No linked articles in our index yet.