Skip to main content

BlackBerry Products PDF Distiller Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 4 Dec 2009 5199 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in BlackBerry Enterprise Server and BlackBerry Professional Software, which could be exploited by attackers to compromise a vulnerable device. These issues are caused by memory corruption errors in the PDF distiller of the BlackBerry Attachment Service component when processing malformed PDF files, which could be exploited by attackers to crash an affected service or execute arbitrary code by tricking a user into opening a malicious PDF document.


Impact

  • Remote Code Execution

System / Technologies affected

  • BlackBerry Enterprise Server software version 5.0.0
  • BlackBerry Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 7 (4.1.7)
  • BlackBerry Professional Software 4.1 Service Pack 4 (4.1.4)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Apply fixes :
http://www.blackberry.com/btsc/KB19860


Vulnerability Identifier

  • No CVE information is available

Source


Related Link