CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 17th, 2008

Critical PDF Processing Vulnerability In BlackBerry Enterprise Server

BlackBerry reports a highly critical vulnerability in BlackBerry Enterprise Server, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error in the BlackBerry Attachment Service when processing PDF files. This can be exploited to potentially execute arbitrary code on the vulnerable system via an email containing a specially crafted PDF.

Successful exploitation requires that a BlackBerry smartphone user views the specially crafted PDF file.

The vulnerability is reported in versions 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 5 (4.1.5). Other versions may also be affected.

A separate advisory from Research in Motion, the makers of the BlackBerry smart phone, says the flaw is in the PDF distiller of the BlackBerry Attachment Service and confirms that a malicious hacker could use a specially crafted PDF file attachment in an email message to cause arbitrary code to execute on the computer that the BlackBerry Attachment Service runs on.

The company says the issue has been escalated internally and urged BlackBerry users to be wary of PDF files that arrive from untrusted sources.

Currently the vulnerability is unpatched. Technical details of this bug are not available but as a workaround, disable the processing of PDF files in the BlackBerry Attachment Service.

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • TwitThis
  • Facebook
  • LinkedIn

More on CyberInsecure:
  • Researchers Warn BlackBerry Users Over Malformed PDF Vulnerability
  • PDF Processing Vulnerabilities Patched In BlackBerry
  • Blackberry Spyware Source Code, TXSBBspy, Released By Veracode
  • ActiveX Control Flaw In BlackBerry Leads To Code Execution Attacks
  • MS Windows DNS Client Service Vulnerability

    • Posted in Hardware, Software, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Thursday, July 17th, 2008 at 11:35 am and is filed under Hardware, Software, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Critical PDF Processing Vulnerability In BlackBerry Enterprise Server

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « « Mozilla Releases Firefox 2.0.0.16 With Two Security Updates
    Backup Tape With Private Details Stolen From Greensboro Gynecology Associates » »