Credit:
The original article can be found at: http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB26296&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
The information has been provided by Ivan Huertas.
Vulnerable Systems:
* BlackBerry Enterprise Server Express versions 5.0.1 and 5.0.2 for Microsoft Exchange
* BlackBerry Enterprise Server Express version 5.0.2 for IBM Lotus Domino
* BlackBerry Enterprise Server versions 5.0.0 through 5.0.3 for Microsoft Exchange and IBM Lotus Domino
* BlackBerry Enterprise Server version 5.0.1 for Novell GroupWise
Immune Systems:
* BlackBerry Device Software
* BlackBerry Desktop Software
* BlackBerry Internet Service
* BlackBerry Web Desktop Manager version 1.0.1.
The vulnerability could allow an attacker to execute externally supplied scripts using the user privileges of the BlackBerry Web Desktop Manager. This could allow the attacker to perform any BlackBerry Web Desktop Manager task that the legitimate user could perform on a BlackBerry smartphone while the user is logged in to the BlackBerry Web Desktop Manager. Such tasks include remotely resetting the device password and locking the device, remotely wiping and disabling the device, and activating the user's account on another device over the wireless network.
Successful exploitation of this issue requires an attacker to persuade the legitimate user to click a specially crafted URL. The crafted URL may be presented to the user in a web browser, an email, or an instant message.
Vendor Status:
BlackBerry has issued a security update for this vulnerability.
Patch Availability:
http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB26296&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
CVE Information:
CVE-2011-0286