BlackBerry bitten by PDF distiller security hole

Summary:A serious security flaw in the way Research in Motion's BlackBerry Enterprise Server processes PDF files could expose businesses to remote code execution attacks

A serious security flaw in the way Research in Motion's BlackBerry Enterprise Server processes PDF files could expose businesses to remote code execution attacks, the company warned in an advisory.

The vulnerability, discovered in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server, could allow a hacker take control of the computer that the BlackBerry Attachment Service runs on.

Here's the gist of the problem from RIM's advisory:

follow Ryan Naraine on twitter

The vulnerability could allow a malicious individual to cause buffer overflow errors, leading to a Denial of Service (DoS) condition or possibly arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.

Successful exploitation of this issue requires a malicious individual to persuade a BlackBerry smartphone user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server. The PDF file may be attached to an email message, or the BlackBerry smartphone user may retrieve it from a web site using the Get Link menu item on the BlackBerry smartphone.

RIM recommends that BlackBerry Enterprise Server administrators to review and apply available patches or consider implementing workaround in the advisory.

Affected software include:

  • BlackBerry Enterprise Server Express version 5.0.2 for Microsoft Exchange
  • BlackBerry Enterprise Server versions 5.0.2, 5.0.1, 5.0.0, 4.1.7 and earlier for Microsoft Exchange
  • BlackBerry Enterprise Server versions 5.0.2, 5.0.1, 5.0.0, 4.1.7 and earlier for IBM Lotus Domino
  • BlackBerry Enterprise Server versions 5.0.1, 4.1.7 and earlier for Novell GroupWise
  • BlackBerry® Professional Software version 4.1.4 and earlier for Microsoft Exchange and IBM Lotus Domino

This issue does not affect BlackBerry smartphones.

Topics: Hardware, BlackBerry, Mobility, Security, Smartphones

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.