Unrated severityNVD Advisory· Published Jan 20, 2009· Updated Jun 16, 2026
CVE-2009-0176
CVE-2009-0176
Description
Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."
Affected products
12cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_professional_software:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:research_in_motion_limited:blackberry_unite:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:*:*:*:*:*:*:*:*range: <=1.0.3
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:research_in_motion_limited:blackberry_unite:1.0.2:*:*:*:*:*:*:*
- Range: 4.1.3 - 4.1.6
- Range: 4.1.4
- Range: < 1.0.3 bundle 28
Patches
Vulnerability mechanics
References
6- secunia.com/advisories/33534nvdVendor Advisory
- www.blackberry.com/btsc/search.donvdVendor Advisory
- www.blackberry.com/btsc/search.donvdVendor Advisory
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
- www.securityfocus.com/bid/33224nvd
News mentions
0No linked articles in our index yet.