Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

#BlackBerry

Source: http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27244

Affected Software
The issue affects the following software versions:

  • BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for Microsoft Exchange
  • BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for IBM Lotus Domino
  • BlackBerry® Enterprise Server version 4.1.7 and version 5.0.1 through 5.0.1 MR3 for Novell GroupWise
  • BlackBerry® Enterprise Server Express version 5.0.1 through 5.0.3 for Microsoft Exchange
  • BlackBerry® Enterprise Server Express version 5.0.2 and 5.0.3 for IBM Lotus Domino
  • Note: BlackBerry Enterprise Server version 5.0.3 MR3 and later for Microsoft Exchange and IBM Lotus Domino are not affected.

Issue Severity
These vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of 10.0 (high severity). See the References section below for the list of issues by CVE issue identifier.

Overview
Vulnerabilities exist in components of the BlackBerry Enterprise Server that process PNG and TIFF images for rendering on the BlackBerry smartphone. The BlackBerry® Mobile Data System – Connection Service component processes images on web pages that the BlackBerry® Browser requests. The BlackBerry® Messaging Agent component processes images in email messages. 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: