Secunia

Some vulnerabilities have been reported in BlackBerry Enterprise Server and BlackBerry Unite!, which can be exploited by malicious people to compromise a vulnerable system.

1) A boundary error exists in the PDF Distiller component within the Attachment Service when parsing a certain stream in PDF files. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.

2) A boundary error exists in the PDF Distiller component within the Attachment Service when parsing a data stream in PDF files. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.

3) A vulnerability is caused due to a logic error in the PDF Distiller component within the Attachment Service when parsing a data stream in PDF files. This can lead to uninitialised memory being used when processing a specially crafted PDF file.

Successful exploitation may allow execution of arbitrary code when an email attachment containing a specially crafted PDF document is being requested for viewing.

The vulnerabilities are reported in the following products and versions:
* BlackBerry Enterprise Server version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 6 (4.1.6)
* BlackBerry Professional Software 4.1 Service Pack 4 (4.1.4)
* BlackBerry Unite! versions prior to 1.0 Service Pack 3 (1.0.3) bundle 28

Solution
-- BlackBerry Enterprise Server --
Further details available in Customer Area

Provided and/or discovered by
Sean Larsson of iDefense Labs

Changelog
Further details available in Customer Area

Original Advisory
BlackBerry:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766

Deep Links
Links available in Customer Area