Peaches Posted January 14, 2009 Report Share Posted January 14, 2009 BlackBerry Products PDF Distiller Multiple VulnerabilitiesSecunia Advisory: SA33534 Release Date: 2009-01-13 Popularity: 1,060 views Critical: Highly critical Impact: DoSSystem accessWhere: From remote Solution Status: Vendor Patch Software:BlackBerry Enterprise Server for Domino 4.xBlackBerry Enterprise Server for Exchange 4.xBlackBerry Enterprise Server for Novell GroupWise 4.xBlackBerry Professional Software 4.xBlackBerry Unite! 1.xSubscribe: Instant alerts on relevant vulnerabilities Description:Some vulnerabilities have been reported in BlackBerry Enterprise Server and BlackBerry Unite!, which can be exploited by malicious people to compromise a vulnerable system.The vulnerabilities are caused due to unspecified errors in the PDF distiller component of the BlackBerry Attachment Service. These can be exploited to cause memory corruptions when an email containing a specially crafted PDF document is being opened for viewing.Successful exploitation may allow execution of arbitrary code.The vulnerabilities are reported in the following products and versions:* BlackBerry Enterprise Server version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 6 (4.1.6)* BlackBerry Professional Software 4.1 Service Pack 4 (4.1.4)* BlackBerry Unite! versions prior to 1.0 Service Pack 3 (1.0.3) bundle 28Solution:-- BlackBerry Enterprise Server --Apply Interim Security Update 2.http://www.blackberry.com/go/serverdownloads-- BlackBerry Professional Software --Apply Interim Security Update 2.http://na.blackberry.com/eng/support/downl...ab_professional-- BlackBerry Unite! --Update to the latest version.http://www.blackberry.com/go/blackberryunite>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>RIM Patch Fixes Attachment FlawNancy Gohring, IDG News Service Tuesday, January 13, 2009 11:20 AM PSTResearch In Motion issued a software update to address a vulnerability that could let a hacker send malicious code in a PDF file. The update, released on Monday, fixes multiple vulnerabilities in the way that the BlackBerry Attachment Service handles certain PDF (Portable Document Format) files. The attachment service, a component of the BlackBerry Enterprise Service, displays e-mail attachments such as PDF, Word, PowerPoint, Excel and HTML files for BlackBerry users. The vulnerabilities could let a hacker send an e-mail message with a PDF file that, when opened by a BlackBerry user, could cause memory corruption or launch code on the computer that hosts the BlackBerry Attachment Service, RIM said in the security advisory. secunia Advisories .. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.