|
|
|
|
| |
Credit:
|
| |
Vulnerable Systems:
*BlackBerry Enterprise Server Express version 5.0.1 and 5.0.2 for Microsoft Exchange
*BlackBerry Enterprise Server Express version 5.0.2 for IBM Lotus Domino
*BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for Microsoft Exchange and IBM Lotus Domino
*BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for Novell GroupWise
*BlackBerry Professional Software version 4.1.4 for Microsoft Exchange and IBM Lotus Domino
Immune Systems:
*BlackBerry Device Software
*BlackBerry Internet Service
*BlackBerry Desktop Manager
*BlackBerry Mobile Voice System
The vulnerability could allow a malicious individual to cause buffer overflow errors, which may result in arbitrary code execution on the computer that hosts the BlackBerry Attachment Service. While code execution is possible, an attack is more likely to result in the PDF rendering process terminating before it completes. In the event of such an unexpected process termination, the PDF rendering process will restart automatically but will not resume processing the same PDF file
Vendor Status:
Blackberry had issued an update for this vulnerability
Patch Availability:
http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB25382&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
CVE Information:
CVE-2010-2604
|
|
|
|
|
