Skip to main content

BlackBerry Enterprise Server and Professional Software Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 15 Oct 2010 5657 Views

RISK: Medium Risk

A vulnerability has been identified in BlackBerry Enterprise Server and BlackBerry Professional Software, which could be exploited by remote attackers to compromise a vulnerable server. This issue is caused by a buffer overflow error in the PDF distiller of the BlackBerry Attachment Service component when processing malformed PDF files, which could be exploited by attackers to crash an affected service or execute arbitrary code by convincing a user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a vulnerable BlackBerry Enterprise Server.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • BlackBerry Enterprise Server Express version 5.0.2 for MS Exchange
  • BlackBerry Enterprise Server version 5.0.2 for MS Exchange
  • BlackBerry Enterprise Server version 5.0.1 for MS Exchange
  • BlackBerry Enterprise Server version 5.0.0 for MS Exchange
  • BlackBerry Enterprise Server version 4.1.7 and prior for MS Exchange
  • BlackBerry Enterprise Server version 5.0.2 for Lotus Domino
  • BlackBerry Enterprise Server version 5.0.1 for Lotus Domino
  • BlackBerry Enterprise Server version 5.0.0 for Lotus Domino
  • BlackBerry Enterprise Server version 4.1.7 and prior for Lotus Domino
  • BlackBerry Enterprise Server version 5.0.1 for GroupWise
  • BlackBerry Enterprise Server version 4.1.7 and prior for GroupWise
  • BlackBerry Professional Software version 4.1.4 and prior for MS Exchange
  • BlackBerry Professional Software version 4.1.4 and prior for Lotus Domino

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Visit http://www.blackberry.com/go/serverdownloads
    - BlackBerry Enterprise Server Express version 5.0.2 for Microsoft Exchange - Apply Interim Security Update 1
    - BlackBerry Enterprise Server version 5.0.0 for Microsoft Exchange and IBM Lotus Domino - Apply Interim Security Update 4
    - BlackBerry Enterprise Server version 5.0.1 for Microsoft Exchange, IBM Lotus Domino, and Novell GroupWise - Apply Interim Security Update 1
    - BlackBerry Enterprise Server version 5.0.2 for Microsoft Exchange and IBM Lotus Domino - Apply Interim Security Update 1
    - BlackBerry Enterprise Server version 4.1.7 for Microsoft Exchange and IBM Lotus Domino - Apply Interim Security Update 2
    - BlackBerry Enterprise Server version 4.1.7 for Novell GroupWise - Apply Interim Security Update 1
    - BlackBerry Enterprise Server version 4.1.6 for Microsoft Exchange, IBM Lotus Domino, and Novell GroupWise - Apply Interim Security Update 5
  • BlackBerry Professional Software - Prevent the BlackBerry Attachment Service from processing PDF files.


Vulnerability Identifier


Source