CVE-2010-2604

Published: Jan 13, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.

Affected (11)

Products: Rim: Blackberry Enterprise Server, Blackberry Enterprise Server Express

2 products

Blackberry Enterprise Server

Blackberry Enterprise Server Express

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Rim Blackberry Enterprise Server	Version 4.1.3
Rim Blackberry Enterprise Server	Version 4.1.4
Rim Blackberry Enterprise Server	Version 4.1.5
Rim Blackberry Enterprise Server	Version 4.1.6
Rim Blackberry Enterprise Server	Version 4.1.6 mr4
Rim Blackberry Enterprise Server	Version 4.1.7
Rim Blackberry Enterprise Server	Version 5.0.0
Rim Blackberry Enterprise Server	Version 5.0.1
Rim Blackberry Enterprise Server	Version 5.0.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Rim Blackberry Enterprise Server Express	Version 5.0.1
Rim Blackberry Enterprise Server Express	Version 5.0.2

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (14)

http://osvdb.org/70393

Source: cve@mitre.org

http://secunia.com/advisories/42882

Source: cve@mitre.org

Vendor Advisory

http://www.blackberry.com/btsc/KB25382

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/45753

Source: cve@mitre.org

http://www.securitytracker.com/id?1024953

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0081

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/64621

Source: cve@mitre.org

http://osvdb.org/70393

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42882

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.blackberry.com/btsc/KB25382

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/45753

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1024953

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0081

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/64621

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.