CVE-2010-2601 — HIGH (7.6) — White Hats Nepal

Q: How severe is CVE-2010-2601?

CVE-2010-2601 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-2601?

Check the references section above for vendor advisories and patch information. Affected products include: Rim Blackberry Enterprise Server, Rim Blackberry Professional Software.

Vulnerability Description

Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document.

CVSS Score

7.6

HIGH

AV:N/AC:H/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Rim	Blackberry Enterprise Server	<= 4.1.7
Rim	Blackberry Professional Software	<= 4.1.4

Related Weaknesses (CWE)

CWE-119

References

http://blackberry.com/btsc/KB24547PatchVendor Advisory
http://blackberry.com/btsc/KB24547PatchVendor Advisory

FAQ

What is CVE-2010-2601?

CVE-2010-2601 is a vulnerability with a CVSS score of 7.6 (HIGH). Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, an...

How severe is CVE-2010-2601?

CVE-2010-2601 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-2601?

Check the references section above for vendor advisories and patch information. Affected products include: Rim Blackberry Enterprise Server, Rim Blackberry Professional Software.