iDefense Security Advisory 01.12.09 - Remote exploitation of an uninitialized memory vulnerability in Research In Motion Ltd.'s BlackBerry Enterprise Server could allow an attacker to execute arbitrary code with the privileges of the affected service, which is usually SYSTEM. The vulnerability occurs when parsing a data stream inside of a PDF file. Due to a logic error, it is possible to allocate an array of object pointers that is never initialized. This array is located on the heap. When the object that contains this array is destroyed, each pointer in the array is deleted. Since the memory is never properly initialized, whatever content was previously there is used. It is possible to control the chunk of memory that gets allocated for this array, which can lead to attacker-controlled values being used as object pointers. This results in the execution of arbitrary code when these pointers are deleted. iDefense has confirmed the existence of this vulnerability in BlackBerry...
iDefense Security Advisory 01.12.09 - Remote exploitation of an uninitialized memory vulnerability in Research In Motion Ltd.'s BlackBerry Enterprise Server could allow an attacker to execute arbitrary code with the privileges of the affected service, which is usually SYSTEM. The vulnerability occurs when parsing a data stream inside of a PDF file. Due to a logic error, it is possible to allocate an array of object pointers that is never initialized. This array is located on the heap. When the object that contains this array is destroyed, each pointer in the array is deleted. Since the memory is never properly initialized, whatever content was previously there is used. It is possible to control the chunk of memory that gets allocated for this array, which can lead to attacker-controlled values being used as object pointers. This results in the execution of arbitrary code when these pointers are deleted. iDefense has confirmed the existence of this vulnerability in BlackBerry Enterprise Server version 4.1.5 and 4.1.6 (4.1 SP5, SP6). 4.1.6 is the most current version, as of the publishing of this report. This vulnerability was confirmed in BlackBerry Enterprise Server for Microsoft Exchange, but is believed to affect the Lotus and Novell versions as well. Previous versions may also be affected.
