BlackBerry Products PDF Distiller Remote Code Execution Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 13 Jan 2011 5219 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been identified in BlackBerry Enterprise Server and BlackBerry Professional Software, which could be exploited by remote attackers to execute arbitrary code. This issue is caused by a buffer overflow error in the PDF distiller of the BlackBerry Attachment Service component when processing malformed PDF files, which could be exploited by attackers to crash an affected service or execute arbitrary code by convincing a user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a vulnerable BlackBerry Enterprise Server.

Impact

  • Remote Code Execution

System / Technologies affected

  • BlackBerry Enterprise Server Express version 5.0.1 for MS Exchange
  • BlackBerry Enterprise Server Express version 5.0.2 for MS Exchange
  • BlackBerry Enterprise Server Express version 5.0.2 for Lotus Domino
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for MS Exchange
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for Lotus Domino
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for GroupWise
  • BlackBerry Professional Software version 4.1.4 for MS Exchange
  • BlackBerry Professional Software version 4.1.4 for Lotus Domino

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • BlackBerry Enterprise Server Express version 5.0.2 for MS Exchange and Lotus Domino - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server Express version 5.0.1 for MS Exchange - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server version 5.0.2 for MS Exchange and Lotus Domino - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server version 5.0.1 for MS Exchange, Lotus Domino, and GroupWise - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server version 5.0.0 for MS Exchange and Lotus Domino - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server version 4.1.7 for MS Exchange, Lotus Domino, and GroupWise - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server version 4.1.6 for MS Exchange, Lotus Domino, and GroupWise - Apply Interim Security Update for January 11, 2011
  • http://www.blackberry.com/go/serverdownloads
  • http://www.blackberry.com/btsc/KB25382

Vulnerability Identifier

Source

Related Link

Share with

Previous

HP OpenView Network Node Manager Code Execution Vulnerabilities

13 Jan 2011 5648 Views

Next

Google Chrome and Chrome OS Multiple Memory Corruption Vulnerabilities

14 Jan 2011 5166 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY