In association with heise online

04 November 2009, 17:47

Security hole in BlackBerry Desktop Manager

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

BlackBerry vendor Research In Motion (RIM) is warning of a critical hole in the BlackBerry Desktop Manager that allows attackers to infect vulnerable systems with malware. The issue is caused by a buffer overflow within an Active X control from Intellisync which is used by Blackberry Desktop Manager to synchronise with IBM's Lotus Notes. As the control is installed by default whether a user requires synchronisation of Lotus Notes data or not, the vulnerability generally affects all users of the BlackBerry Desktop Manager. For an attack to be successful, visiting a specially crafted web page with Internet Explorer is reportedly all that is required. The link to such a page could, for example, be included in an email.

The vulnerability has been closed in version 5.0.1 of the BlackBerry Desktop software. As a workaround, RIM suggest that users disable Intellisync by simply un-registering the vulnerable lnresobject.dll library. Instructions on how to do this can be found in RIM's original advisory.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit