In association with heise online

27 May 2009, 10:00

RIM closes another BlackBerry PDF vulnerability

According to Research In Motion (RIM), an attacker can use a specially crafted PDF file to gain control of a BlackBerry Enterprise Server. As with several previous vulnerabilities, the problem is in the PDF distiller of the BlackBerry Attachment Service, which pre-processes documents on the server so they can be easily read on a BlackBerry device.

Opening the crafted PDF document on a BlackBerry smartphone client triggers the server error, causing memory corruption which leads to the execution of arbitrary code. According to RIM, BlackBerry Enterprise Server 4.1.3, 5.0 and BlackBerry Professional 4.1.4 are affected. The Interim Security Software Update 2 for Enterprise Server 5.0 and Update 4 for Enterprise Server 4.1.3 and Professional fix the problem.

RIM have released updates to the applications; in the interim, they advise disabling PDF file processing on the BlackBerry server and give instructions on how to do so in the advisory.

(crve)

Permalink: http://h-online.com/-741755