Critical PDF Processing Vulnerability In BlackBerry Enterprise Server
BlackBerry reports a highly critical vulnerability in BlackBerry Enterprise Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an unspecified error in the BlackBerry Attachment Service when processing PDF files. This can be exploited to potentially execute arbitrary code on the vulnerable system via an email containing a specially crafted PDF.
Successful exploitation requires that a BlackBerry smartphone user views the specially crafted PDF file.
The vulnerability is reported in versions 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 5 (4.1.5). Other versions may also be affected.
A separate advisory from Research in Motion, the makers of the BlackBerry smart phone, says the flaw is in the PDF distiller of the BlackBerry Attachment Service and confirms that a malicious hacker could use a specially crafted PDF file attachment in an email message to cause arbitrary code to execute on the computer that the BlackBerry Attachment Service runs on.
The company says the issue has been escalated internally and urged BlackBerry users to be wary of PDF files that arrive from untrusted sources.
Currently the vulnerability is unpatched. Technical details of this bug are not available but as a workaround, disable the processing of PDF files in the BlackBerry Attachment Service.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.