Security hole in BlackBerry Desktop Manager
BlackBerry vendor Research In Motion (RIM) is warning of a critical hole in the BlackBerry Desktop Manager that allows attackers to infect vulnerable systems with malware. The issue is caused by a buffer overflow within an ActiveX control from Intellisync, which is used by BlackBerry Desktop Manager to synchronise with IBM's Lotus Notes. As the control is installed by default whether a user requires synchronisation of Lotus Notes data or not, the vulnerability generally affects all users of the BlackBerry Desktop Manager. For an attack to be successful, visiting a specially crafted web page with Internet Explorer is reportedly all that is required. The link to such a page could, for example, be included in an email.
The vulnerability has been closed in version 5.0.1 of the BlackBerry Desktop software. As a workaround, RIM suggests that users disable Intellisync by simply un-registering the vulnerable lnresobject.dll library. Instructions on how to do this can be found in RIM's original advisory.
See also:
- Vulnerability in the BlackBerry Desktop Manager allows remote code execution, advisory from RIM.
(crve)
















