CIP Cyber

Log In
Menu
Log In
  • Opinion
  • Product Reviews
  • Industrial Cybersecurity
  • Videos

Remote Code Execution Vulnerability in BlackBerry Server

Table of Contents

Vulnerabilities can be find in on any server and application, even the big companies are not secure you can find vulnerabilities on their servers. BlackBerry, I think there is no need to introduce BlackBerry a high risk vulnerability has been found on BlackBerry Enterprise server components that process images could allow remote code execution.

RIM has released a security warning with advisory about a hole on BlackBerry server that can be use by an attacker to compromise a system remotely. The vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of 10.0 (high severity). Vulnerabilities exist in components of the BlackBerry Enterprise Server that process PNG and TIFF images for rendering on the BlackBerry smartphone.
To exploit these vulnerabilities in how the BlackBerry MDS Connection Service processes PNG and TIFF images, an attacker would need to create a specially crafted web page and then persuade the BlackBerry smartphone user to click a link to that web page. The attacker could provide the link to the user in an email or instant message.

Affected Software

  • BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for Microsoft Exchange
  • BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for IBM Lotus Domino
  • BlackBerry® Enterprise Server version 4.1.7 and version 5.0.1 through 5.0.1 MR3 for Novell GroupWise
  • BlackBerry® Enterprise Server Express version 5.0.1 through 5.0.3 for Microsoft Exchange
  • BlackBerry® Enterprise Server Express version 5.0.2 and 5.0.3 for IBM Lotus Domino
BlackBerry smartphones and the device software’s are not affected so as a end user you dont need to worry about it.

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Other Readings
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Opinion

Password Cyberattack: Everything You Need to Know

November 7, 2023

Industrial Cybersecurity

Cybersecurity Awareness Month: Spotlight on ICS/OT Security

September 28, 2023

Opinion

How to Protect IoT Devices in Critical Infrastructure Networks

September 15, 2023

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training

Related Articles

What Proxies Are For

When you cannot access certain sites or hide your identity, you need a tool for that. For example, the USA proxies are in demand among

March 24, 2022

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training