Critical Blackberry Vulnerabilities


BlackBerry Products PDF Distiller Multiple Vulnerabilities

Secunia Advisory: SA33534

Release Date: 2009-01-13

Popularity: 1,060 views

Critical: Highly critical

Impact: DoS, System access

Where: From remote

Solution Status: Vendor Patch

Software:

* BlackBerry Enterprise Server for Domino 4.x

* BlackBerry Enterprise Server for Exchange 4.x

* BlackBerry Enterprise Server for Novell GroupWise 4.x

* BlackBerry Professional Software 4.x

* BlackBerry Unite! 1.x

Description:

Some vulnerabilities have been reported in BlackBerry Enterprise Server and BlackBerry Unite!, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to unspecified errors in the PDF distiller component of the BlackBerry Attachment Service. These can be exploited to cause memory corruptions when an email containing a specially crafted PDF document is being opened for viewing.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in the following products and versions:

* BlackBerry Enterprise Server version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 6 (4.1.6)

* BlackBerry Professional Software 4.1 Service Pack 4 (4.1.4)

* BlackBerry Unite! versions prior to 1.0 Service Pack 3 (1.0.3) bundle 28

Solution:

-- BlackBerry Enterprise Server --

Apply Interim Security Update 2.

http://www.blackberry.com/go/serverdownloads

-- BlackBerry Professional Software --

Apply Interim Security Update 2.

http://na.blackberry.com/eng/support/downl...ab_professional

-- BlackBerry Unite! --

Update to the latest version.

http://www.blackberry.com/go/blackberryunite

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

RIM Patch Fixes Attachment Flaw

Nancy Gohring, IDG News Service

Tuesday, January 13, 2009 11:20 AM PST

Research In Motion issued a software update to address a vulnerability that could let a hacker send malicious code in a PDF file.

The update, released on Monday, fixes multiple vulnerabilities in the way that the BlackBerry Attachment Service handles certain PDF (Portable Document Format) files. The attachment service, a component of the BlackBerry Enterprise Service, displays e-mail attachments such as PDF, Word, PowerPoint, Excel and HTML files for BlackBerry users.

The vulnerabilities could let a hacker send an e-mail message with a PDF file that, when opened by a BlackBerry user, could cause memory corruption or launch code on the computer that hosts the BlackBerry Attachment Service, RIM said in the security advisory.

secunia Advisories ..
