SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BlackBerry Enterprise Server
Vendors:   Research In Motion Limited
BlackBerry Enterprise Server Bug in PDF Distiller Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022295
SecurityTracker URL:  http://securitytracker.com/id/1022295
CVE Reference:   CVE-2009-2643
Updated:  Aug 3 2009
Original Entry Date:  May 27 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.1.3 - 5.0
Description:   A vulnerability was reported in BlackBerry Enterprise Server. A remote user can cause arbitrary code to be executed on the target system.

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the PDF distiller and execute arbitrary code on the target system running the BlackBerry Attachment Service. The code will run with the privileges of the target user.

Impact:   A remote user can create a PDF file that, when loaded by the target user, will execute arbitrary code on the target system running the BlackBerry Attachment Service.
Solution:   The vendor has issued a fix.

For BlackBerry Enterprise Server version 5.0: Interim Security Update 2 for BlackBerry Enterprise Server software version 5.0.

For BlackBerry Enterprise Server version 4.1.x: Interim Security Update 4 for BlackBerry Enterprise Server software version 4.1.x.

For BlackBerry Professional Software: Interim Security Update 4.

The vendor's advisory is available at:

http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB18327

Vendor URL:  www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB18327
Cause:   Access control error
Underlying OS:  Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2019, SecurityGlobal.net LLC