Security update for BlackBerry server
Research In Motion (RIM) has released a security update for its BlackBerry Enterprise Server products which fixes a vulnerability in its PDF distiller. The distiller runs on the servers and prepares PDF documents in emails for display on BlackBerry devices. Specially crafted PDF files can be used to crash the BlackBerry Attachment Server and may allow for the injection and execution of arbitrary code.
BlackBerry Enterprise Server Express 5.0.2 for Microsoft Exchange, BlackBerry Enterprise Server versions 5.0.2, 5.0.1, 5.0.0, 4.1.7 for Exchange, Lotus Notes and Novell GroupWise (not all versions are available on all platforms) and BlackBerry Professional Software 4.1.4 for Microsoft Exchange and Lotus Domino are all reportedly affected. BlackBerry handhelds are not affected by the vulnerability.
(crve)