Detections
Analytics
BlackBerry Enterprise Server / Attachment Service PDF Distiller Unspecified Vulnerabilities (KB19860)
high Nessus Plugin ID 43007
Synopsis
The remote Windows host has an application that is affected by unspecified vulnerabilities.Description
The version of BlackBerry Enterprise Server on the remote host reportedly contains several unspecified vulnerabilities in the PDF distiller component of the BlackBerry Attachment Service. By sending a specially crafted PDF file and having it opened on a Blackberry smartphone, an attacker may be able to execute arbitrary code on the system that runs the BlackBerry Attachment Service.Solution
Apply the vendor-supplied patches.See Also
https://salesforce.services.blackberry.com/kbredirect/viewContent.do?externalID=KB19860
Plugin Details
Severity: High
ID: 43007
File Name: blackberry_es_pdf_kb19860.nasl
Version: 1.14
Type: local
Agent: windows
Family: Windows
Published: 12/4/2009
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:rim:blackberry_enterprise_server
Required KB Items: BlackBerry_ES/Product, BlackBerry_ES/Path, BlackBerry_ES/Version, BlackBerry_ES/AttachmentServer, SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Patch Publication Date: 12/1/2009
Vulnerability Publication Date: 12/1/2009
Reference Information
CVE: CVE-2009-4778
BID: 37167
Secunia: 37562