BlackBerry Enterprise Server Bug in PDF Distiller Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1020505 |
|
SecurityTracker URL: http://securitytracker.com/id/1020505
|
|
CVE Reference:
CVE-2008-3246
(Links to External Site)
|
Updated: Aug 6 2008
|
Original Entry Date: Jul 16 2008
|
Impact:
Execution of arbitrary code via network, User access via network
|
Vendor Confirmed: Yes
|
Version(s): 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5)
|
Description:
A vulnerability was reported in BlackBerry Enterprise Server in the BlackBerry Attachment Service. A remote user can cause arbitrary code to be executed on the target system.
A remote user can send a specially crafted PDF file via e-mail that, when viewed by a user, will trigger a flaw in the PDF distiller and execute arbitrary code on the system running the BlackBerry Attachment Service.
BlackBerry Unite! versions prior to 1.0 SP1 (1.0.1) bundle 36 are also affected.
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
No solution was available at the time of this entry.
The vendor is working on a fix.
The vendor's advisory is available at:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB15766&sliceId=SAL_Public
|
Vendor URL: www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB15766&sliceId=SAL_Public (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
Windows (2000), Windows (2003)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 16 Jul 2008 09:09:42 -0400
Subject: BlackBerry Enterprise Server
|
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB15766&sliceId=SAL_Public
|
|
