Thursday, July 17, 2008 12:50 PM
cmosby
BlackBerry Enterprise Server PDF Processing Vulnerability - Secunia
BlackBerry Enterprise Server PDF Processing Vulnerability
Secunia Advisory: SA31092
Release Date: 2008-07-17
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched
Software:
BlackBerry Enterprise Server for Domino 4.x
BlackBerry Enterprise Server for Exchange 4.x
BlackBerry Enterprise Server for Novell GroupWise 4.x
Description:
A vulnerability has been reported in BlackBerry Enterprise Server, which can potentially be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by an unspecified error in the BlackBerry Attachment Service when processing PDF files. It can potentially be exploited to execute arbitrary code on the vulnerable system via an email containing a specially crafted PDF.
Successful exploitation requires that a BlackBerry smartphone user views the specially crafted PDF file.
The vulnerability is reported in versions 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 5 (4.1.5). Other versions may also be affected.
Solution:
Disable the processing of PDF files in the BlackBerry Attachment Service. Please see the vendor's advisory for more details.
Provided and/or discovered by: Reported by the vendor.
Original Advisory: http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html
Filed under: Security and Anti-Virus, Patch Management, Internet Applications, Mobile\Wireless, Enterprise Applications, Software Vulnerabilities