
SANS ISC: BlackBerry Enterprise Server Critical Update - SANS Internet Storm Center

BlackBerry Enterprise Server Critical Update

BlackBerry issued a critical update for the components of BlackBerry Enterprise Server that process images. The vulnerabilities could allow remote code execution when the server processes PNG and TIFF images for rendering on a BlackBerry smartphone. They have been assigned a Common Vulnerability Scoring System (CVSS) score of 10.0 (high severity). The following CVEs have been assigned: CVE-2010-1205, CVE-2010-3087, CVE-2010-2595, CVE-2011-0192, CVE-2011-1167.

BlackBerry recommends applying the fix. "These updates replace the installed image.dll file that the affected components use with an image.dll file that is not affected by the vulnerabilities."[1]

The advisory has a complete list of affected products and is posted here.



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu


