
CVSS: 9.3 | EPSS: 1% | CPEs: 8 | EXPL: 0

Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry.

References:
• http://secunia.com/advisories/41346
• http://secunia.com/advisories/41398
• http://www.blackberry.com/btsc/KB24242
• http://www.securityfocus.com/bid/43139
• http://www.securitytracker.com/id?1024425
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6843

CVSS: 9.3 | EPSS: 7% | CPEs: 7 | EXPL: 0

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646.

References:
• http://secunia.com/advisories/37562
• http://www.blackberry.com/btsc/KB19860
• http://www.securityfocus.com/bid/37167
• http://www.securitytracker.com/id?1023258
• http://www.vupen.com/english/advisories/2009/3372

CVSS: 9.3 | EPSS: 2% | CPEs: 2 | EXPL: 0

Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information.

References:
• http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19701
• http://www.securityfocus.com/bid/36903
• http://www.vupen.com/english/advisories/2009/3133

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

References:
• http://secunia.com/advisories/36875
• http://www.blackberry.com/btsc/viewContent.do?externalId=KB19552
• http://www.securityfocus.com/bid/36528
• http://www.securitytracker.com/id?1022951
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53490

CWE-310: Cryptographic Issues

CVSS: 9.3 | EPSS: 0% | CPEs: 10 | EXPL: 0

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.

References:
• http://www.blackberry.com/btsc/KB17953