SecurityTracker.com
Category:   Application (Generic)  >   BlackBerry Enterprise Server
Vendors:   Research In Motion Limited
BlackBerry Enterprise Server Bug in PDF Distiller Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020505
SecurityTracker URL:  http://securitytracker.com/id/1020505
CVE Reference:   CVE-2008-3246
Updated:  Aug 6 2008
Original Entry Date:  Jul 16 2008
Impact:   Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  
Version(s): 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5)
Description:   A vulnerability was reported in BlackBerry Enterprise Server in the BlackBerry Attachment Service. A remote user can cause arbitrary code to be executed on the target system.

A remote user can send a specially crafted PDF file via e-mail that, when viewed by a user, will trigger a flaw in the PDF distiller and execute arbitrary code on the system running the BlackBerry Attachment Service.

BlackBerry Unite! versions prior to 1.0 SP1 (1.0.1) bundle 36 are also affected.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   No solution was available at the time of this entry.

The vendor is working on a fix.

The vendor's advisory is available at:

http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB15766&sliceId=SAL_Public

Vendor URL:  www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB15766&sliceId=SAL_Public
Cause:   Not specified
Underlying OS:  Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2019, SecurityGlobal.net LLC