On TV.com: Why Is Everyone in TV High School SO OLD
BNET Business Network:
BNET
TechRepublic
ZDNet

January 14th, 2009

RIM warns of BlackBerry PDF processing vulnerabilities

Posted by Ryan Naraine @ 7:48 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Mobile (In)Security, Patch Watch, Pen testing, Vulnerability research

Tags: Research In Motion Ltd., Adobe PDF, Vulnerability, RIM BlackBerry, Handhelds, Hardware, Ryan Naraine

BlackBerry security advisories Hackers can use booby-trapped PDF attachments sent to BlackBerry devices to launch malicious code execution attacks, according to warnings issued by Research in Motion (RIM).

The company shipped patches this week to address a pair of critical vulnerabilities affecting its enterprise product line.

The vulnerabilities are due to the improper processing of PDF files within the Distiller component of the BlackBerry Attachment Service, RIM said.  Here are the raw details:

  • KB17118: Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service. These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service.  These vulnerabilities each have a Common Vulnerability Scoring System (CVSS) score of 9.3.
  • KB17119: Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service. These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service.  CVSS 9.3.   RIM recommends that users upgrade to the latest version of the BlackBerry Unite! software.

RIM customers are strongly urged to apply the updates or implement the workarounds listed in the documents to help mitigate the risk.* Image source: edans’ Flickr photostream (Creative Commons 2.0)

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 5 Talkback(s)
This has to be related to the Adobe fix
Dell has been cloning the PDF format from Adobe. When a vulernerability was found and fixed by Adobe it seems to show that the same vulernability was in the RIM code.... (Read the rest)
Posted by: coopejx@... Posted on: 01/16/09 You are currently: a Guest | | Terms of Use
Finally, PDA hacks brought to a little light!  grayn0de | 01/15/09
Security  philscbx@... | 01/15/09
This has to be related to the Adobe fix  coopejx@... | 01/16/09
RE: RIM warns of BlackBerry PDF processing vulnerabilities  Andrew Merrick | 01/15/09
RE: RIM warns of BlackBerry PDF processing vulnerabilities  philscbx@... | 01/15/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here