
BlackBerry Enterprise Server and Professional Software Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 15 Oct 2010

RISK: Medium Risk

A vulnerability has been identified in BlackBerry Enterprise Server and BlackBerry Professional Software that remote attackers could exploit to compromise a vulnerable server. The issue is a buffer overflow in the PDF distiller of the BlackBerry Attachment Service component, triggered when it processes malformed PDF files. An attacker could crash an affected service or execute arbitrary code by convincing a user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a vulnerable BlackBerry Enterprise Server.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • BlackBerry Enterprise Server Express version 5.0.2 for MS Exchange
  • BlackBerry Enterprise Server version 5.0.2 for MS Exchange
  • BlackBerry Enterprise Server version 5.0.1 for MS Exchange
  • BlackBerry Enterprise Server version 5.0.0 for MS Exchange
  • BlackBerry Enterprise Server version 4.1.7 and prior for MS Exchange
  • BlackBerry Enterprise Server version 5.0.2 for Lotus Domino
  • BlackBerry Enterprise Server version 5.0.1 for Lotus Domino
  • BlackBerry Enterprise Server version 5.0.0 for Lotus Domino
  • BlackBerry Enterprise Server version 4.1.7 and prior for Lotus Domino
  • BlackBerry Enterprise Server version 5.0.1 for GroupWise
  • BlackBerry Enterprise Server version 4.1.7 and prior for GroupWise
  • BlackBerry Professional Software version 4.1.4 and prior for MS Exchange
  • BlackBerry Professional Software version 4.1.4 and prior for Lotus Domino

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Visit http://www.blackberry.com/go/serverdownloads
    - BlackBerry Enterprise Server Express version 5.0.2 for Microsoft Exchange - Apply Interim Security Update 1
    - BlackBerry Enterprise Server version 5.0.0 for Microsoft Exchange and IBM Lotus Domino - Apply Interim Security Update 4
    - BlackBerry Enterprise Server version 5.0.1 for Microsoft Exchange, IBM Lotus Domino, and Novell GroupWise - Apply Interim Security Update 1
    - BlackBerry Enterprise Server version 5.0.2 for Microsoft Exchange and IBM Lotus Domino - Apply Interim Security Update 1
    - BlackBerry Enterprise Server version 4.1.7 for Microsoft Exchange and IBM Lotus Domino - Apply Interim Security Update 2
    - BlackBerry Enterprise Server version 4.1.7 for Novell GroupWise - Apply Interim Security Update 1
    - BlackBerry Enterprise Server version 4.1.6 for Microsoft Exchange, IBM Lotus Domino, and Novell GroupWise - Apply Interim Security Update 5
  • BlackBerry Professional Software - Prevent the BlackBerry Attachment Service from processing PDF files.


Vulnerability Identifier


Source