The PDF Distiller service that is provided with BlackBerry Enterprise Server contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The risk is MEDIUM. By convincing a user to open a spsecially-crafted PDF attachment on a BlackBerry smartphone, a remote, unauthenticated attacker may be able to execute arbitrary code on the system that runs the BlackBerry Attachment Service.
More...