Vulnerability Could Allow Attacker to Execute Arbitrary Code or Cause a denial-of-service Condition
RIM has released a security advisory to address a security issue in the BlackBerry Attachment Service component of the BlackBerry Enterprise Server. According to RIM, the vulnerability could allow a malicious individual to cause buffer overflow errors, leading to a Denial of Service (DoS) condition or execution of arbitrary code on the computer that the BlackBerry Attachment Service runs on.
The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.
Exploitation of the vulnerability requires a BlackBerry user to open a malicious PDF file on a BlackBerry device that is associated with a user account on a BlackBerry Enterprise Server. The PDF file may be attached to an email message, or the BlackBerry user may retrieve it from a web site using the Get Link menu item on the BlackBerry device.
RIM has given the vulnerability a Common Vulnerability Scoring System (CVSS) score of 7.6. More information is available at: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24547
< Be Informed. Subscribe to SecurityWeek’s Weekly Email Briefing Here >
More from SecurityWeek News
- Threat Hunting Summit Virtual Event NOW LIVE
- Video: ESG – CISO’s Guide to an Emerging Risk Cornerstone
- Threat Modeling Firm IriusRisk Raises $29 Million
- SentinelOne Announces $100 Million Venture Fund
- Today: 2022 CISO Forum Virtual Event
- Cymulate Closes $70M Series D Funding Round
- SecurityWeek to Host CISO Forum Virtually September 13-14, 2022: Registration is Open
- Privilege Escalation Flaw Haunts VMware Tools
Latest News
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023 | Regulations
