RIM Closes Another BlackBerry PDF Vulnerability


27 May 2009, 11:00

RIM closes another BlackBerry PDF vulnerability

"According to Research In Motion (RIM), a specially crafted PDF file can be used by an attacker to gain control of a BlackBerry Enterprise server. As with several previous vulnerabilities, the problem is in the PDF distiller of the BlackBerry Attachment service which pre-processes documents on the server so they can be easily read on a BlackBerry device.

Opening the crafted PDF document on a BlackBerry smartphone client triggers the server error, causing memory corruption which leads to the execution of arbitrary code. According to RIM, BlackBerry Enterprise Server 4.1.3, 5.0 and BlackBerry Professional 4.1.4 are affected. The Interim Security Software Update 2 for Enterprise Server 5.0 and Update 4 for Enterprise Server 4.1.3 and Professional fix the problem.

While RIM have released updates to the applications, in the interim they advise disabling PDF file processing on the BlackBerry server and give instructions on how to do so in the advisory."

See also:

Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server, security advisory from RIM.

Heise security - http://www.h-online.com/security/RIM-close...y--/news/113385
