The issue affects the following software versions:
- BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for Microsoft Exchange
- BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for IBM Lotus Domino
- BlackBerry® Enterprise Server version 4.1.7 and version 5.0.1 through 5.0.1 MR3 for Novell GroupWise
- BlackBerry® Enterprise Server Express version 5.0.1 through 5.0.3 for Microsoft Exchange
- BlackBerry® Enterprise Server Express version 5.0.2 and 5.0.3 for IBM Lotus Domino
- Note: BlackBerry Enterprise Server version 5.0.3 MR3 and later for Microsoft Exchange and IBM Lotus Domino are not affected.
These vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of 10.0 (high severity). See the References section below for the list of issues by CVE issue identifier.
Vulnerabilities exist in components of the BlackBerry Enterprise Server that process PNG and TIFF images for rendering on the BlackBerry smartphone. The BlackBerry® Mobile Data System – Connection Service component processes images on web pages that the BlackBerry® Browser requests. The BlackBerry® Messaging Agent component processes images in email messages.