CVE-2010-2601

Опубликовано: 14 окт. 2010

Источник: nvd

CVSS2: 7.6

EPSS Низкий

Описание

Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document.

Ссылки

http://blackberry.com/btsc/KB24547
Patch
Vendor Advisory
http://blackberry.com/btsc/KB24547
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rim:blackberry_enterprise_server:*:*:*:*:*:*:*:*

Версия до 4.1.7 (включая)

cpe:2.3:a:rim:blackberry_enterprise_server:2.2:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:3.6:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:4.0:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:4.0:sp3:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:4.1:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:mr4:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_enterprise_server:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rim:blackberry_professional_software:*:*:*:*:*:*:*:*

Версия до 4.1.4 (включая)

EPSS

Процентиль: 87%

0.0353

Низкий

7.6 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-x56m-m75r-8r6q

github

больше 3 лет назад