RIM Announcement: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for BlackBerry Unite

Environment

  • BlackBerry® Unite!™ software versions earlier than 1.0 Service Pack 1 (1.0.1) bundle 36

Overview

This advisory describes a security issue that the BlackBerry Attachment Service component of BlackBerry Unite! is susceptible to. The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.

This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.0.

Problem

A security vulnerability in the PDF distiller of the BlackBerry Attachment Service could enable a malicious individual to use a specially crafted PDF file attachment in an email message to cause arbitrary code to execute on the computer that the BlackBerry Attachment Service runs on. If a BlackBerry smartphone user on BlackBerry Unite! opens and views the specially crafted PDF file attachment on the BlackBerry smartphone, the arbitrary code execution could compromise the computer.

Resolution

Upgrade to BlackBerry Unite! version 1.0 Service Pack 1 (1.0.1) bundle 36 or later.  To obtain the BlackBerry Unite! software, visit www.blackberry.com.

Workaround

Note: As a mobile device best practice, Research In Motion (RIM) recommends that BlackBerry smartphone users open attachments from trusted sources only.

Prevent the BlackBerry Attachment Service from processing PDF files in a BlackBerry Unite! environment

Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Windows® operating system. Document and back up the registry entries prior to implementing any changes.

  1. Open the command prompt.
  2. Type the following command:
       net stop bbattachserver
  3. Type the following command:
       reg.exe ADD "HKLM\Software\Research In Motion\BBAttachEngine\Distillers\LoadPDFDistiller" /v Enabled /t REG_DWORD /d 0
     Important: Undertake registry modifications at your own risk, and only if you are confident in your ability to do so successfully. Serious, unsolvable problems that might require you to reinstall your operating system can occur if you modify the registry incorrectly.
  4. Type the following command:
       net start bbattachserver
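
The workaround above as a single script, with the registry backup the warning asks for and a check that the value took effect. This is an added example, not part of RIM's advisory; the service name and registry path come from the steps above, and the backup file location is an assumption.

```powershell
# Added example: apply the PDF distiller workaround with a backup and verification.
# Run from an elevated PowerShell prompt on the computer that hosts the
# BlackBerry Attachment Service.
$ErrorActionPreference = 'Stop'

# Values taken from the advisory's workaround steps.
$ServiceName = 'bbattachserver'
$KeyPath     = 'HKLM:\Software\Research In Motion\BBAttachEngine\Distillers\LoadPDFDistiller'
$RegExePath  = 'HKLM\Software\Research In Motion\BBAttachEngine\Distillers\LoadPDFDistiller'

# Assumption: backup location chosen for this example.
$BackupFile  = Join-Path $env:TEMP ("LoadPDFDistiller-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

# Fail early if the service is not installed on this computer.
Get-Service -Name $ServiceName | Out-Null

# Back up the key before touching it; create it if absent (reg.exe ADD does the same).
if (Test-Path -LiteralPath $KeyPath) {
    & reg.exe export $RegExePath $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Registry backup failed; no changes were made." }
    Write-Host "Backed up existing key to $BackupFile"
} else {
    New-Item -Path $KeyPath -Force | Out-Null
}

Stop-Service -Name $ServiceName
try {
    # Equivalent of: /v Enabled /t REG_DWORD /d 0
    Set-ItemProperty -LiteralPath $KeyPath -Name 'Enabled' -Value 0 -Type DWord

    # Read the value back and confirm the distiller is disabled.
    $value = (Get-ItemProperty -LiteralPath $KeyPath -Name 'Enabled').Enabled
    if ($value -ne 0) { throw "Enabled is $value, expected 0." }
    Write-Host "PDF distiller disabled (Enabled = 0)."
}
finally {
    # Restart the service even if the registry change failed.
    Start-Service -Name $ServiceName
}
```

To undo the change after upgrading, import the backup file with reg.exe import and restart the service.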

This entry was posted on Wednesday, July 16th, 2008 and is filed under News.

One Response to “RIM Announcement: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for BlackBerry Unite”

  • 1
    Nikolaus
    July 16th, 2008 11:51

    After seeing this and the previous post about Unite! the autoupdater finally ran, and updated my version to 1.0.1 bundle 37, not 36.
