Images used to mangle into BlackBerry servers
RIM has released a warning of a vicious confidence hole in a BlackBerry Enterprise Server, that enemy can use to concede a complement remotely. The image.dll library prepares images on web sites and as email attachments for arrangement on Blackberries though trips over specifically crafted PNG and TIFF files in a process. If users get an email or roller to a web site containing such an image, a exposed acclimatisation routine is launched on a server, thereby executing antagonistic code. Up compartment now, many vicious holes on Blackberry servers have been associated to a PDF distiller.
Versions 5.0.1 to 5.0.3 MR2 of a BlackBerry Enterprise Server for Microsoft Exchange and Lotus Domino, versions 4.1.7 and 5.0.1 to 5.0.1 MR3 for Novell GroupWise, and a Express versions 5.0.1 to 5.0.3 for Exchange and 5.0.2 to 5.0.3 for Domino are vulnerable. RIM has supposing rags on a server downloads site for all exposed versions and advises server admins to implement them immediately. As a workaround, a businessman shows how we can forestall abounding calm in emails and a arrangement of inline elements on web sites.
(djwm)