BlackBerry Attachment Service PDF Distiller Remote Code Execution Vulnerability
BID:30188
Info
| Bugtraq ID: | 30188 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 11 2008 12:00AM |
| Updated: | Jul 11 2008 12:00AM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: | Rim Blackberry Unite! 1.0.1, Rim Blackberry Professional Software 4.1.4, Rim Blackberry Enterprise Server 4.1.5, Rim Blackberry Enterprise Server 4.1.4, Rim Blackberry Enterprise Server 4.1.3 |
| Not Vulnerable: | Rim Blackberry Unite! 1.0.1 bundle 36, Rim Blackberry Enterprise Server 4.1.6 |
Discussion
BlackBerry Attachment Service is prone to a remote code-execution vulnerability when handling specially crafted PDF files.
Attackers can leverage this issue to execute arbitrary machine code in the context of applications running the service. Successful exploits will compromise the server. Failed attacks will likely result in denial-of-service conditions.
This issue affects the following:
- BlackBerry Enterprise Server 4.1.3 through 4.1.5
- BlackBerry Unite! prior to 1.0.1 bundle 36
- BlackBerry Professional Software 4.1.4
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
BlackBerry Unite! 1.0.1 bundle 36 and Enterprise Server 4.1.6 have been released to address this issue. Interim fixes are available for Professional Software. Please contact the vendor for information on how to obtain the updates.
References
References:
- Vendor Homepage (Research In Motion)
- Vulnerability in the PDF distiller of the BlackBerry Attachment Service for Blac (BlackBerry)
- Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the (BlackBerry)
- Vulnerability Note VU#289235 BlackBerry Attachment Service PDF distiller vulnera (US-CERT)