Skip to main content

BlackBerry Products PDF Distiller Remote Code Execution Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 13 Jan 2011 5751 Views

RISK: Medium Risk

A vulnerability has been identified in BlackBerry Enterprise Server and BlackBerry Professional Software, which could be exploited by remote attackers to execute arbitrary code. This issue is caused by a buffer overflow error in the PDF distiller of the BlackBerry Attachment Service component when processing malformed PDF files, which could be exploited by attackers to crash an affected service or execute arbitrary code by convincing a user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a vulnerable BlackBerry Enterprise Server.


Impact

  • Remote Code Execution

System / Technologies affected

  • BlackBerry Enterprise Server Express version 5.0.1 for MS Exchange
  • BlackBerry Enterprise Server Express version 5.0.2 for MS Exchange
  • BlackBerry Enterprise Server Express version 5.0.2 for Lotus Domino
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for MS Exchange
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for Lotus Domino
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for GroupWise
  • BlackBerry Professional Software version 4.1.4 for MS Exchange
  • BlackBerry Professional Software version 4.1.4 for Lotus Domino

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • BlackBerry Enterprise Server Express version 5.0.2 for MS Exchange and Lotus Domino - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server Express version 5.0.1 for MS Exchange - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server version 5.0.2 for MS Exchange and Lotus Domino - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server version 5.0.1 for MS Exchange, Lotus Domino, and GroupWise - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server version 5.0.0 for MS Exchange and Lotus Domino - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server version 4.1.7 for MS Exchange, Lotus Domino, and GroupWise - Apply Interim Security Software Update for January 11, 2011
  • BlackBerry Enterprise Server version 4.1.6 for MS Exchange, Lotus Domino, and GroupWise - Apply Interim Security Update for January 11, 2011
  • http://www.blackberry.com/go/serverdownloads
  • http://www.blackberry.com/btsc/KB25382


Vulnerability Identifier


Source


Related Link