Credit:
Vulnerable Systems:
* BlackBerry Desktop Software (all versions) for PC
Immune Systems:
* BlackBerry Desktop Software (all versions) for Mac
Successful exploitation of the issue using any version of the BlackBerry Desktop Software requires the following steps:
1. The malicious user must have gained access to the internal network of the BlackBerry Desktop Software user.
2. The malicious user must have already placed malicious files on the internal network of the BlackBerry Desktop Software.
3. The malicious user tries to perform an attack designed to deceive the legitimate user into using the BlackBerry Desktop Manager to browse to a location on their internal network.
4. The legitimate user must choose to use the BlackBerry Desktop Manager to manually browse to the directory that the malicious user specifies.
5. The user might be deceived into opening a file that the malicious user has designed to perform remote code execution using the privileges of the BlackBerry Desktop Software user on the computer.
6. The BlackBerry Desktop Manager runs the file once the user has opened the malicious file.
Vendor Status:
BlackBerry has issued an update for this vulnerability.
Patch Availability:
http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB24242&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
CVE Information:
CVE-2010-2600