BlackBerry Products PDF Distiller Memory Corruption Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 14 Jan 2009 4745 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various BlackBerry products, which could be exploited by attackers to compromise a vulnerable device. These issues are caused by heap overflow and uninitialized memory errors in the PDF distiller of the BlackBerry Attachment Service component when processing malformed PDF files, which could be exploited by attackers to crash an affected service or execute arbitrary code with SYSTEM privileges by tricking a user into opening a malicious PDF document.

Impact

Denial of Service
Remote Code Execution

System / Technologies affected

BlackBerry Enterprise Server for Domino 4.x
BlackBerry Enterprise Server for Exchange 4.x
BlackBerry Enterprise Server for Novell GroupWise 4.x
BlackBerry Professional Software 4.x
BlackBerry Unite! 1.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Interim Security Update 2 for BlackBerry Enterprise Server :
- http://www.blackberry.com/go/serverdownloads
Upgrade to Interim Security Update 2 for BlackBerry Professional :
- http://na.blackberry.com/eng/support/downloads/#tab_professional
Upgrade to the latest version of the BlackBerry Unite! software :
- http://www.blackberry.com/go/blackberryunite

Vulnerability Identifier

No CVE information is available

Source

Share with

Microsoft Windows SMB Multiple Vulnerabilities( 14 January 2009 )

14 Jan 2009 4614 Views

Winamp AIFF File Header Processing Buffer Overflow Vulnerability

14 Jan 2009 4833 Views