RIM warns of serious vulnerability in BlackBerry Web loader

By SearchSecurity.com Staff 11 Feb 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Research In Motion (RIM) issued an advisory Tuesday, warning users of a buffer overflow vulnerability in its Web-based application loader that could be remotely exploited by an attacker to gain access to critical system files.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

RIM said the problem is in the BlackBerry Application Web Loader ActiveX control used by Internet Explorer to install applications on BlackBerry devices. When a user attempts to install the application loader, the ActiveX control introduces the vulnerability to the computer, RIM said in its warning to customers.

The flaw can be exploited remotely. It has a Common Vulnerability Scoring System (CVSS) score of 9.3.

Microsoft issued a security advisory related to the BlackBerry flaw, issuing kill bits for the specific ActiveX control. Kill bits stop a specific ActiveX control from running in Microsoft Internet Explorer. The advisory also addresses a similar ActiveX issue with a download manager developed by Akamai Technologies Inc.

The BlackBerry flaw was discovered by researchers at eEye Digital Security.

Danish vulnerability clearinghouse Secunia issued an advisory Tuesday, giving the flaw a highly critical rating. "Successful exploitation allows execution of arbitrary code," Secunia said.

Tags: Smartphone and PDA Viruses and Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Smartphone and PDA Viruses and Threats US-CERT warns of BlackBerry snooping software Mini guide: How to remove and prevent Trojans, malware and spyware SMS attacks against BlackBerry certificate flaw possible MMS messaging spoof hack could have global ramifications Unified communications: Securing a converged infrastructure RIM patches serious BlackBerry Attachment Service flaws Latest Apple iPhone features prompt security concerns SMS mobile worm attacks Symbian smartphones Smartphone security lacking at many businesses RIM fixes serious BlackBerry PDF handling flaws

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary