US-CERT has issued a security advisory warning users against a security vulnerability in the PDF Distiller of the BlackBerry Attachment Service component for certain versions of the BlackBerry Enterprise Server. This security exploit allows an attacker to cause buffer overflow errors and execute arbitrary code on the system hosting the BlackBerry Attachment Service.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The attacker launches an attack by luring the victim to open a specially created PDF file on his BlackBerry smartphone which is associated with the user’s account on the BlackBerry Enterprise server. The PDF file is sent either as an e-mail attachment or as a file download link.
Research In Motion (RIM) has also issued a security advisory describing the problem in detail, and issued an update to rectify the vulnerability. A similar security issue for the PDF distiller for BlackBerry was discovered last year.