
RIM warns of serious vulnerability in BlackBerry Web loader

A flawed ActiveX control can be exploited by an attacker to run malicious code and gain access to critical files.

Research In Motion (RIM) issued an advisory Tuesday, warning users of a buffer overflow vulnerability in its Web-based application loader that could be remotely exploited by an attacker to gain access to critical system files.

RIM said the problem is in the BlackBerry Application Web Loader ActiveX control used by Internet Explorer to install applications on BlackBerry devices. When a user attempts to install the application loader, the ActiveX control introduces the vulnerability to the computer, RIM said in its warning to customers.

The flaw can be exploited remotely. It has a Common Vulnerability Scoring System (CVSS) score of 9.3.

Microsoft issued a security advisory related to the BlackBerry flaw and released kill bits for the specific ActiveX control. Kill bits stop a specific ActiveX control from running in Microsoft Internet Explorer. The advisory also addresses a similar ActiveX issue with a download manager developed by Akamai Technologies Inc.

The BlackBerry flaw was discovered by researchers at eEye Digital Security.

Danish vulnerability clearinghouse Secunia issued an advisory Tuesday, giving the flaw a highly critical rating. "Successful exploitation allows execution of arbitrary code," Secunia said.
