BerryReview.com - BlackBerry News and Reviews
Twitter

PDF Distiller Vulnerability In BES & Unite

by on July 15th, 2008 · 3 Comments

Posted in News

I got an email about this vulnerability and thought I would mention it. Now we know why Unite was quietly upgraded to 1.0.1 bundle 36+ recently. RIM was nice enough to report the vulnerability details.

Turns out that there is a vulnerability in the Unite and BES PDF distiller in the BlackBerry attachment service that converts PDF files for viewing on your BlackBerry. If you open the wrong kind of PDF it can execute code on your system which is very bad. This vulnerability gets a Common Vulnerability Scoring System (CVSS) score of 9.0 which is pretty serious.

Right now Unite has a fix by autoupdating but BES users are out of luck. BES admins are encouraged to disable the PDF functionality following the instructions linked to below.

Systems effected:

  • BES 4.1 service pack 3 (4.1.3) through service pack 5 (4.1.5)
    • Currently RIM is stating: This issue has been escalated internally to our development team. No resolution time frame is currently available.
  • BlackBerry Unite 1.0.1 bundle 35 and earlier

You can read more about it on RIM’s website at these links:

Thanks to Josep for pointing out the knowledgebase articles!

Tags:

Previous Post RIM Finally Getting Serious With Their Support Forums Next Post A-DATA 8GB MicroSDHC Card $39.99 Shipped @ Meritline
Share this article with your friends!
Ronen is an avid BlackBerry addict who must always have the latest and greatest toys. His goal in creating BerryReview.com was to create a site which caters both to the casual & hardcore BlackBerry user base. He also got bored by reading other web sites that only published press releases and stock information. BerryReview on the other hand focuses on news and reviews that actually help BlackBerry users make the most of their devices.
Ronen's website
Follow Ronen on Twitter
Recommended for you
arc-side-main

July 16, 2008

RIM Announcement: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for BlackBerry Unite

arc-side-main

July 16, 2008

RIM Announcement: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server

arc-side-main

October 13, 2010

RIM Patches Yet Another “High Severity” PDF Distiller Vulnerability…

arc-side-main

December 3, 2009

RIM Patches 5th BES PDF Vulnerability in 18 Months

3 total comments on this postSubmit your comment!
  		1.

    Nikolaus   Not Registered

    Posted: July 15, 2008 at 2:31 PM EST

    My Unite! has not updated itself from 35 to 36+. How do I kick off this upgrade or download it myself?

  2. Dario   Not Registered

    Posted: July 16, 2008 at 1:45 AM EST

    Hey!
    I got a question for you about this vulnerability. Today a receive from Windows Live Messenger a PDF file, then appear a message about PDF Distiller ask for authorization about transfering a PDF file.
    So… This vulnerability could be available to make some virus for Blackberry OS?
  3. PM

    Ronen HalevyView Profile) Senior admin - Posts: 5298

    Posted: July 16, 2008 at 4:29 PM EST

    @Dario
    It could be used to run malicious code on the BES server from what I understand. Not a good thing…

Popular tags

RIM, Free Software, BlackBerry, BlackBerry PlayBook, PlayBook, Giveaway, GPS, Verizon, Video, Beta, , Update, T-mobile, bold, Internet, Rumors, AT&T, Editorial, App World, BES, Music, Games & Fun, BBM, Development, , BlackBerry 6, Contest, Leaked OS, Coupons / Deals, SDK

RIM© and BlackBerry© are registered Trademarks of Research In Motion Limited. BerryReview is in no way affiliated with Research In Motion though sometimes their lawyers send us love letters...

Copyright © 2007-2012 BerryReview LLC