Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

BlackBerry Enterprise Server Critical Update

Published: 2011-08-11
Last Updated: 2011-08-11 22:31:53 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Blackberry issued a critical update affecting components that process images on a Blackberry Enterprise Server which could allow remote code execution when processing PNG and TIFF image for rendering on their smartphone. These vulnerabilities have been assigned a Common Vulnerability Scoring System (CVSS) of 10.0 (high severity). The following CVEs have been assigned: CVE-2010-1205, CVE-2010-3087, CVE-2010-2595, CVE-2011-0192, CVE-2011-1167

Blackberry recommends applying the fix. "These updates replace the installed image.dll file that the affected components use with an image.dll file that is not affected by the vulnerabilities."[1]

The advisory has a complete list of affected products and is posted here.



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu


0 comment(s)
As part of this weeks patch tuesday, microsoft also re-release MS11-043 to address stability issues.
Diary Archives