Go Back   BlackBerry Forums > BlackBerry Internet Service > BlackBerry Unite! Support
Reload this Page Vulnerability in the PDF distiller of the BlackBerry Attachment Service for Unite!

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 17-07-2008, 12:21 AM
Gregmyers's Avatar
BlackBerry Professional
  
Join Date: Jul 2007
Location: Perth . Australia
Posts: 786
Vulnerability in the PDF distiller of the BlackBerry Attachment Service for Unite!
Vulnerability in the PDF distiller of the BlackBerry Attachment Service for BlackBerry Unite
Doc ID : KB15770
Last Modified : 2008-07-10
Document Type : Security Advisory

Environment
BlackBerry® Unite!™ software versions earlier than 1.0 Service Pack 1 (1.0.1) bundle 36

Overview
This advisory describes a security issue that the BlackBerry Attachment Service component of BlackBerry Unite! is susceptible to. The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.
This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.0.

Problem
A security vulnerability in the PDF distiller of the BlackBerry Attachment Service could enable a malicious individual to use a specially crafted PDF file attachment in an email message to cause arbitrary code to execute on the computer that the BlackBerry Attachment Service runs on. If a BlackBerry smartphone user on BlackBerry Unite! opens and views the specially crafted PDF file attachment on the BlackBerry smartphone; the arbitrary code execution could compromise the computer.

Resolution
Upgrade to BlackBerry Unite! version 1.0 Service Pack 1 (1.0.1) bundle 36 or later. To obtain the BlackBerry Unite! software, visit BlackBerry.

Workaround
Note: As a mobile device best practice, Research In Motion (RIM) recommends that BlackBerry smartphone users open attachments from trusted sources only.
Prevent the BlackBerry Attachment Service from processing PDF files in a BlackBerry Unite! environment

Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Windows® operating system. Document and back up the registry entries prior to implementing any changes.

Open the command prompt.
Type the following command:
net stop bbattachserver

Type the following command:
reg.exe ADD "HKLM\Software\Research In Motion\BBAttachEngine\Distillers\LoadPDFDistiller" /v Enabled /t REG_DWORD /d 0

Important: Undertake registry modifications at your own risk, and only if you are confident in your ability to do so successfully. Serious, unsolvable problems that might require you to reinstall your operating system can occur if you modify the registry incorrectly.

Type the following command:
net start bbtattachserver
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT +11. The time now is 08:09 PM.

Copyright ©2006 - 2008 BLACKBERRYFORUMS - RIM and Blackberry are Registered Trademarks of Research In Motion

Contact Us - BlackBerry Support Forum - Asia Pacific - Archive - Top

Search Engine Friendly URLs by vBSEO 3.2.0