BlackBerry Products PDF Distiller Remote Code Execution Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 16 Dec 2010 5712 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been identified in BlackBerry Enterprise Server and BlackBerry Professional Software, which could be exploited by remote attackers to execute arbitrary code. This issue is caused by a buffer overflow error in the PDF distiller of the BlackBerry Attachment Service component when processing malformed PDF files, which could be exploited by attackers to crash an affected service or execute arbitrary code by convincing a user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a vulnerable BlackBerry Enterprise Server.

Impact

  • Remote Code Execution

System / Technologies affected

  • BlackBerry Enterprise Server Express version 5.0.1 for MS Exchange
  • BlackBerry Enterprise Server Express version 5.0.2 for MS Exchange
  • BlackBerry Enterprise Server Express version 5.0.2 for Lotus Domino
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for MS Exchange
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for Lotus Domino
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for GroupWise
  • BlackBerry Professional Software version 4.1.4 for MS Exchange
  • BlackBerry Professional Software version 4.1.4 for Lotus Domino

Solutions

Vulnerability Identifier

  • No CVE information is available

Source

Share with

Previous

Citrix Access Gateway Legacy Authentication Command Injection Vulnerability

16 Dec 2010 5864 Views

Next

Novell ZENworks Desktop Management Code Execution Vulnerabilities

16 Dec 2010 5948 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY