RIM warns of serious vulnerability in BlackBerry Web loader

SearchSecurity.com Staff

Research In Motion (RIM) issued an advisory Tuesday, warning users of a buffer overflow vulnerability in its Web-based application loader that could be remotely exploited by an attacker to gain access to critical system files.

RIM said the problem is in the BlackBerry Application Web Loader ActiveX control used by Internet Explorer to install applications on BlackBerry devices. When a user attempts to install the application loader, the ActiveX control introduces the vulnerability to the computer, RIM said in its warning to customers.

The flaw can be exploited remotely. It has a Common Vulnerability Scoring System (CVSS) score of 9.3.

Microsoft published a security advisory related to the BlackBerry flaw, issuing kill bits for the specific ActiveX control. A kill bit stops a specific ActiveX control from running in Microsoft Internet Explorer. The advisory also addresses a similar ActiveX issue with a download manager developed by Akamai Technologies Inc.

The BlackBerry flaw was discovered by researchers at eEye Digital Security.

Danish vulnerability clearinghouse Secunia issued an advisory Tuesday, giving the flaw a highly critical rating. "Successful exploitation allows execution of arbitrary code," Secunia said.

