CVE-2008-3246
https://notcve.org/view.php?id=CVE-2008-3246
Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.
• http://secunia.com/advisories/31092
• http://secunia.com/advisories/31141
• http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html
• http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html
• http://www.kb.cert.org/vuls/id/289235
• http://www.securitytracker.com/id?1020505
• http://www.vupen.com/english/advisories/2008/2108/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43840
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43843
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2007-3483
https://notcve.org/view.php?id=CVE-2007-3483
Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.
• http://www.blackberry.com/btsc/articles/968/KB05499_f.SAL_Public.html
• http://www.praetoriang.net/presentations/blackjack.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35442
CVE-2006-5489
https://notcve.org/view.php?id=CVE-2006-5489
Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before Hotfix 1 for IBM Lotus Domino might allow attackers with meeting organizer privileges to cause a denial of service (application hang) via a deleted recurrent meeting instance when changing the attendee's calendar meeting time.
• http://secunia.com/advisories/22408
• http://securitytracker.com/id?1017101
• http://www.blackberry.com/knowledgecenterpublic/livelink.exe/4.1.2_HF1_Release_Notes?func=doc.Fetch&nodeId=1276788
• http://www.osvdb.org/29897
• http://www.vupen.com/english/advisories/2006/4133
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29678
CVE-2006-0761
https://notcve.org/view.php?id=CVE-2006-0761
Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
• http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/8149/8052/Support_-_Corrupt_Word_file_may_cause_buffer_overflow_in_the_BlackBerry_Attachment_Service.html?nodeid=1181753&vernum=2
• http://www.securityfocus.com/archive/1/424728/100/0/threaded
• http://www.securityfocus.com/bid/16590
• http://www.vupen.com/english/advisories/2006/0530
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24629
CVE-2005-4848
https://notcve.org/view.php?id=CVE-2005-4848
Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets.
• http://blog2.lemondeinformatique.fr/management_du_si/2006/05/notre_ami_imad_.html
• http://www.blackberry.com/btsc/articles/669/KB04075_f.SAL_Public.html
• http://www.lemonde.fr/web/article/0%2C1-0%402-3208%2C36-777732%2C0.html
• http://www.vupen.com/english/advisories/2007/2419
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35241
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer