BlackBerry Products PDF Distiller Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 29 May 2009 5288 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various BlackBerry products, which could be exploited by attackers to compromise a vulnerable device. These issues are caused by memory corruption errors in the PDF distiller of the BlackBerry Attachment Service component when processing malformed PDF files, which could be exploited by attackers to crash an affected service or execute arbitrary code with SYSTEM privileges by tricking a user into opening a malicious PDF document.

Impact

Remote Code Execution

System / Technologies affected

BlackBerry Enterprise Server software versions 4.1 Service Pack 3 (4.1.3) through 5.0
BlackBerry Professional Software version 4.1 Service Pack 4 (4.1.4)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

BlackBerry Enterprise Server 5.0 - Apply Interim Security Update 2 :
http://www.blackberry.com/go/serverdownloads
BlackBerry Enterprise Server 4.1.x - Apply Interim Security Update 4 :
http://www.blackberry.com/go/serverdownloads
BlackBerry Professional Software - Apply Interim Security Update 4 :
http://na.blackberry.com/eng/support/downloads/

Vulnerability Identifier

CVE-2009-0305

Source

Share with

HP-UX Java Multiple Vulnerabilities

29 May 2009 5429 Views

Microsoft DirectShow Remote Code Execution Vulnerability

29 May 2009 5210 Views