Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Gain root remotely >> BlackBerry Enterprise Server PNG Attachment Buffer Overflow Vulnerability

Vulnerability Assessment Details

BlackBerry Enterprise Server PNG Attachment Buffer Overflow Vulnerability

Vulnerability Assessment Summary
Checks version number of BlackBerry Enterprise Server

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Windows application is affected by a buffer overflow
vulnerability.

Description :

The version of BlackBerry Enterprise Server installed on the remote
host reportedly is affected by a heap-based buffer overflow that can
be triggered by a malformed PNG attachment. Exploitation of this
issue may cause the Attachment Service to stop responding or crash and
may even permit for the execute of arbitrary code subject to the
rights under which the application runs, generally
'Administrator'.

See also :

http://www.nessus.org/u?c10eb5db

Solution :

Install the appropriate service pack / hotfix as described in the
vendor advisory referenced above.

Network Security Threat Level:

Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)

Networks Security ID: 16204

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security

Cables, Connectors