----------------------------------------------------------------------

Want a new job?

http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/

International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/

----------------------------------------------------------------------

TITLE:
BlackBerry Enterprise Server PDF Processing Vulnerability

SECUNIA ADVISORY ID:
SA31092

VERIFY ADVISORY:
http://secunia.com/advisories/31092/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
>From remote

SOFTWARE:
BlackBerry Enterprise Server for Exchange 4.x
http://secunia.com/product/4530/
BlackBerry Enterprise Server for Domino 4.x
http://secunia.com/product/4531/
BlackBerry Enterprise Server for Novell GroupWise 4.x
http://secunia.com/product/6715/

DESCRIPTION:
A vulnerability has been reported in BlackBerry Enterprise Server,
which potentially can be exploited by malicious people to compromise
a vulnerable system.

The vulnerability is caused due to an unspecified error in the
BlackBerry Attachment Service when processing PDF files. This can be
exploited to potentially execute arbitrary code on the vulnerable
system via an email containing a specially crafted PDF.

Successful exploitation requires that a BlackBerry smartphone user
views the specially crafted PDF file.

The vulnerability is reported in versions 4.1 Service Pack 3 (4.1.3)
through 4.1 Service Pack 5 (4.1.5). Other versions may also be
affected.

SOLUTION:
Disable the processing of PDF files in the BlackBerry Attachment
Service. Please see vendor's advisory for more details.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------