BlackBerry issued a critical update for the components of BlackBerry Enterprise Server that process images. The vulnerabilities could allow remote code execution when the server processes PNG and TIFF images for rendering on BlackBerry smartphones. These vulnerabilities have been assigned a Common Vulnerability Scoring System (CVSS) score of 10.0 (high severity).

The following CVEs have been assigned: CVE-2010-1205, CVE-2010-3087, CVE-2010-2595, CVE-2011-0192, CVE-2011-1167.

BlackBerry recommends applying the fix. "These updates replace the installed image.dll file that the affected components use with an image.dll file that is not affected by the vulnerabilities."[1] The advisory has a complete list of affected products and is posted here.
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Guy, ISC Handler, Aug 11th 2011