RIM warns of serious vulnerability in BlackBerry Web loader

A flawed ActiveX control can be exploited by an attacker to run malicious code and gain access to critical files.

Research In Motion (RIM) issued an advisory Tuesday, warning users of a buffer overflow vulnerability in its Web-based application loader that could be remotely exploited by an attacker to gain access to critical system files.

RIM said the problem is in the BlackBerry Application Web Loader ActiveX control used by Internet Explorer to install applications on BlackBerry devices. When a user attempts to install the application loader, the ActiveX control introduces the vulnerability to the computer, RIM said in its warning to customers.

The flaw can be exploited remotely. It has a Common Vulnerability Scoring System (CVSS) score of 9.3.

Microsoft issued a security advisory related to the BlackBerry flaw that sets kill bits for the specific ActiveX control. A kill bit stops a specific ActiveX control from running in Microsoft Internet Explorer. The advisory also addresses a similar ActiveX issue with a download manager developed by Akamai Technologies Inc.

The BlackBerry flaw was discovered by researchers at eEye Digital Security.

Danish vulnerability clearinghouse Secunia issued an advisory Tuesday, giving the flaw a highly critical rating. "Successful exploitation allows execution of arbitrary code," Secunia said.
