CVE-2008-3246

Published: Jul 21, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.

Affected (14)

Products: Blackberry: Enterprise Server, Unite · Rim: Blackberry Enterprise Server, Blackberry Enterprise Server For Domino, Blackberry Enterprise Server For Exchange, Blackberry Enterprise Server For Novell Groupwise, Blackberry Unite

2 products

Enterprise Server

5 products

Blackberry Enterprise Server

Blackberry Enterprise Server For Domino

Blackberry Enterprise Server For Exchange

Blackberry Enterprise Server For Novell Groupwise

Blackberry Unite

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Blackberry Enterprise Server	Version 4.1.3
Blackberry Enterprise Server	Version 4.1.4
Blackberry Enterprise Server	Version 4.1.5
Blackberry Enterprise Server	Version 4.1 sp3
Blackberry Unite	Version 1.0.1
Blackberry Unite	Version 1.0 sp1
Rim Blackberry Enterprise Server	Version 4.1.3
Rim Blackberry Enterprise Server	Version 4.1.4
Rim Blackberry Enterprise Server	Version 4.1.5
Rim Blackberry Enterprise Server For Domino	All versions
Rim Blackberry Enterprise Server For Exchange	All versions
Rim Blackberry Enterprise Server For Novell Groupwise	All versions
Rim Blackberry Unite	Version 1.0.1
Rim Blackberry Unite	Version 1.0 sp1

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (18)

http://secunia.com/advisories/31092

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/31141

Source: cve@mitre.org

http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html

Source: cve@mitre.org

http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/289235

Source: cve@mitre.org

US Government Resource

http://www.securitytracker.com/id?1020505

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2108/references

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/43840

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/43843

Source: cve@mitre.org

http://secunia.com/advisories/31092

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/31141

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/289235

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securitytracker.com/id?1020505

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2108/references

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/43840

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/43843

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.