Now on Demand: Zero Trust Strategies Summit - Access All Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

RIM Issues Security Advisory for BlackBerry Enterprise Server

Vulnerability Could Allow Attacker to Execute Arbitrary Code or Cause a denial-of-service Condition

RIM has released a security advisory to address a security issue in the BlackBerry Attachment Service component of the BlackBerry Enterprise Server. According to RIM, the vulnerability could allow a malicious individual to cause buffer overflow errors, leading to a Denial of Service (DoS) condition or execution of arbitrary code on the computer that the BlackBerry Attachment Service runs on.

Vulnerability Could Allow Attacker to Execute Arbitrary Code or Cause a denial-of-service Condition

RIM has released a security advisory to address a security issue in the BlackBerry Attachment Service component of the BlackBerry Enterprise Server. According to RIM, the vulnerability could allow a malicious individual to cause buffer overflow errors, leading to a Denial of Service (DoS) condition or execution of arbitrary code on the computer that the BlackBerry Attachment Service runs on.

The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.

Exploitation of the vulnerability requires a BlackBerry user to open a malicious PDF file on a BlackBerry device that is associated with a user account on a BlackBerry Enterprise Server. The PDF file may be attached to an email message, or the BlackBerry user may retrieve it from a web site using the Get Link menu item on the BlackBerry device.

RIM has given the vulnerability a Common Vulnerability Scoring System (CVSS) score of 7.6. More information is available at: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24547

< Be Informed. Subscribe to SecurityWeek’s Weekly Email Briefing Here >

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.