RIM warns of BlackBerry PDF vulnerability

The BlackBerry maker has highlighted a flaw in its software that could be used to shut down a server or execute malicious code

Research In Motion has warned of critical bugs in its BlackBerry Enterprise Server and BlackBerry Professional Software that could be used to shut down a server or execute malicious code.

The bugs are the latest to affect the PDF distiller component of the BlackBerry Attachment Service. The PDF distiller has been hit by three similar bugs in recent months, all of a serious nature, RIM said in an advisory published on Tuesday.

RIM did not give details of the flaws, but said they could be exploited via a specially crafted PDF file. When the attachment is viewed on a BlackBerry smartphone, the file could shut down the server or allow malicious code to be executed on the computer hosting the service, RIM said.

The bug was ranked as "highly critical" in an advisory from independent security firm Secunia.

BlackBerry Enterprise Server versions 4.1.3 to 5.0 are affected, as is BlackBerry Professional Software version 4.1.4, RIM said.

An interim patch available from RIM's website fixes the flaw. The patch includes the fixes for the previous PDF distiller bugs, RIM said.