CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
February 10th, 2009

ActiveX Control Flaw In BlackBerry Leads To Code Execution Attacks

Research in Motion (RIM) today raised an alarm for a serious security vulnerability in the BlackBerry Application Web Loader, warning that it exposes Windows users to code execution attacks.

When a BlackBerry device user browses to a web site that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks Yes to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the computer.

A malicious hacker could use booby-trapped HTML documents or Web pages to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash.

To fix this issue, install the updated version of the BlackBerry Application Web Loader:

1. Visit http://na.blackberry.com/eng/developers/javaappdev/devtools.jsp

2. Click the link to download the BlackBerry Application Web Loader v1.1.

3. Complete the installation wizard.

A separate update rollup of ActiveX kill bits for this BlackBerry issue and two other ActiveX control vulnerabilities can be found at http://www.microsoft.com/technet/security/advisory/960715.mspx.
