RIM has posted KB19860, a security advisory with information on current vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for BlackBerry Enterprise Server.

Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service component of the BlackBerry Enterprise Server. These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server, could cause memory corruption and possibly lead to a Denial of Service (DoS) condition or arbitrary code execution on the computer that hosts the BlackBerry Attachment Service component of that BlackBerry Enterprise Server.

Affected software includes BES 5.0 running on Windows 2003/2008 or on Windows 2000, BES 4.1 Service Pack 3 through 7 and BlackBerry Professional Software 4.1 Service Pack 4. The severity scores for these vulnerabilities are significant.

More info, resolutions and workarounds are available in KB19860.