|
|
|
Credit:
|
|
Vulnerable Systems:
*BlackBerry Enterprise Server Express version 5.0.1 and 5.0.2 for Microsoft Exchange
*BlackBerry Enterprise Server Express version 5.0.2 for IBM Lotus Domino
*BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 MR1 for Microsoft Exchange and IBM Lotus Domino
*BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for Novell GroupWise
*BlackBerry Professional Software version 4.1.4 for Microsoft Exchange and IBM Lotus Domino
Immune Systems:
*BlackBerry Device Software
*BlackBerry Internet Service
*BlackBerry Desktop Software
The vulnerability could allow a malicious individual to cause buffer overflow errors, which may result in arbitrary code execution on the computer that hosts the BlackBerry Attachment Service. While code execution is possible, an attack is more likely to result in the PDF rendering process terminating before it completes. In the event of such an unexpected process termination, the PDF rendering process will restart automatically but will not resume processing the same PDF file.
Successful exploitation of this issue requires a malicious individual to persuade a BlackBerry smartphone user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server. The PDF file may be attached to an email message, or the BlackBerry smartphone user may retrieve it from a web site using the Get Link menu item on the BlackBerry smartphone.
Vendor Status:
Blackberry had issued an update for this vulnerability
Patch Availability:
http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB24761&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
CVE Information:
CVE-2010-2602
|
|
|
|