iDefense Security Advisory 01.12.09 - Remote exploitation of a heap overflow vulnerability in Research In Motion Ltd. (RIM)'s BlackBerry Enterprise Server could allow an attacker to execute arbitrary code with the privileges of the affected service, usually SYSTEM. The vulnerability occurs when parsing a data stream inside of a PDF file. During parsing, a dynamic array is filled up with pointers to certain objects without properly checking to see whether the array is large enough to hold all of the pointers. By inserting a large number of pointers, it is possible to overflow the array, and corrupt object pointers. This can lead to the EIP register being controlled, which results in the execution of arbitrary code. Defense has confirmed the existence of this vulnerability in BlackBerry Enterprise Server version 4.1.5 and 4.1.6 (4.1 SP5, SP6). 4.1.6 is the most current version, as of the publishing of this report. This vulnerability was confirmed in BlackBerry Enterprise Server for...
iDefense Security Advisory 01.12.09 - Remote exploitation of a heap overflow vulnerability in Research In Motion Ltd. (RIM)'s BlackBerry Enterprise Server could allow an attacker to execute arbitrary code with the privileges of the affected service, usually SYSTEM. The vulnerability occurs when parsing a data stream inside of a PDF file. During parsing, a dynamic array is filled up with pointers to certain objects without properly checking to see whether the array is large enough to hold all of the pointers. By inserting a large number of pointers, it is possible to overflow the array, and corrupt object pointers. This can lead to the EIP register being controlled, which results in the execution of arbitrary code. Defense has confirmed the existence of this vulnerability in BlackBerry Enterprise Server version 4.1.5 and 4.1.6 (4.1 SP5, SP6). 4.1.6 is the most current version, as of the publishing of this report. This vulnerability was confirmed in BlackBerry Enterprise Server for Microsoft Exchange, but is believed to affect the Lotus and Novell versions as well. Previous versions may also be affected.
