Orange Alert: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server
On October 13, 2010, Research In Motion (RIM) released a security advisory, KB24547: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server. This security advisory provides details of a known vulnerability in the PDF distiller of the BlackBerry Attachment Service component of the BlackBerry Enterprise Server and BlackBerry Enterprise Server Express, and BlackBerry Professional Software that affects how the BlackBerry Attachment Service processes PDF files.
RIM has issued interim security software updates that resolve the issue in supported software versions of the affected software. Resolution for the issue is available by downloading and applying the interim security software update for the appropriate affected software version. Links to the updates are listed in the Resolution section of the security advisory. Orange recommends that you apply the software update or implement the workaround which is also documented in the security advisory.
This security issue could allow a malicious individual to cause buffer overflow errors, leading to a Denial of Service (DoS) condition or possibly arbitrary code execution on the computer that the BlackBerry Attachment Service runs on. Successful exploitation of this issue requires a malicious individual to persuade a BlackBerry smartphone user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server. The PDF file may be attached to an email message, or the BlackBerry smartphone user may retrieve it from a web site using the Get Link menu item on the BlackBerry smartphone.
So just be careful when opening PDF attachments!!!