Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service

Brian and Francois let us know about a new vulnerability in the  PDF distiller of the BlackBerry Attachment Service for the Blackberry Enterprise Server.

"Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service component of the BlackBerry Enterprise Server. These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server, could cause memory corruption and possibly lead to a Denial of Service (DoS) condition or arbitrary code execution on the computer that hosts the BlackBerry Attachment Service component of that BlackBerry Enterprise Server."

The RIM announcement can be found here, and a brief US-CERT announcement is posted here.

Christopher Carboni - Handler On Duty

 Chris

140 Posts
Dec 1st 2009
Thread locked Subscribe Dec 1st 2009
1 decade ago
No fix is currently posted by BlackBerry. I found the KB article, but the link to the fix does not actually contain the fix. I called BlackBerry and was told it should be posted in the next few days.
Anonymous
Quote Dec 2nd 2009
1 decade ago

Sign Up for Free or Log In to start participating in the conversation!