Home » BlackBerry News - Highly Critical Code Execution Vulnerability for users of the BlackBerry Enterprise Server
It looks like you might be new to our site. You may want to subscribe to the feed delivered by email or follow us on Twitter.
Advertisement
» BlackBerry News - Highly Critical Code Execution Vulnerability for users of the BlackBerry Enterprise Server
By GeekBerry Staff
Published: July 17, 2008 @ 11:17 pm —
No Comments
Filed Under
   Print This Article Print This Article
Rate & Recommend
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5 out of 5)
>>>
Loading ... Loading ...



Unpatched code execution bug haunts BlackBerrySecurity alerts aggregator Secunia has raised an alarm for a “highly critical” vulnerability that puts users of the BlackBerry Enterprise Server at risk of code execution attacks.

Technical details of bug are not available but Secunia says it is caused by an unspecified error in the BlackBerry Attachment Service when processing PDF files.

The vulnerability is reported in versions 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 5 (4.1.5). Other versions may also be affected. It carries a CVSS Base Score of 9.0.

A separate advisory from Research in Motion (makers of the BlackBerry smart phone) says the flaw is in the PDF distiller of the BlackBerry Attachment Service and confirms that a malicious hacker could use a specially crafted PDF file attachment in an email message to cause arbitrary code to execute on the computer that the BlackBerry Attachment Service runs on.

If a BlackBerry smartphone user on a BlackBerry Enterprise Server opens and views the specially crafted PDF file attachment on the BlackBerry smartphone, the arbitrary code execution could compromise the computer.

The company says the issue has been escalated internally and urged BlackBerry users to be wary of PDF files that arrive from untrusted sources.

Pre-patch workarounds are available.




People who read this, also read ↓


Print This Article Print This Article

Subscribe Did you enjoy this post?

If so, subscribe to the GeekBerry RSS feed.


11:17 pm  July 17, 2008 | Filed Under BlackBerry News 
Posted by GeekBerry Staff

Advertisement


Comments

Post a Comment
Get involved and post your thoughts.

No Comments
Read the comments left by other users below, or:

Guidelines: You share in the GeekBerry.net community, so please keep your comments smart and civil. Don't attack other readers personally, and keep your language decent.




XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


Note: Any comments are permitted only because the site owner is letting you post, and any comments will be removed for any reason at the absolute discretion of the site owner.






SEARCH





Recent Posts

Recent Comments

Tags



All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster.
The rest Copyright © 2003 - 2008 Affinity Media & Publishing Group, LLC · GeekBerry Intellectual Property. All rights reserved.
code is beauty        Hosted Exclusively on Dream Host Servers*

This site is not affiliated with RIM,The names RIM and BlackBerry are registered Trademarks of Research in Motion Limited.

Subscribe to Articles (RSS) or the Comments (RSS)

XHTML CSS 508 XFN


AboutAdvertisingContactDisclaimerPrivacy PolicyTerms of UsePressRSS •         • SitemapDonateSubscribeFAQ    

This website is based in the United States. By submitting personal information to this website you consent to your information being maintained in the United States, subject to applicable U.S. laws. U.S. law may be different than the law of your home country.     38.103.63.62

 

  Reffered from:
    » You are here: http://www.geekberry.net/archives/blackberry-news/2008/07/17/blackberry-news-highly-critical-code-execution-vulnerability-for-users-of-the-blackberry-enterprise-server/
   Back    |    Forward    |    Refresh    |    Print    |↑ Back to Top ›