Unpatched Code Execution Bug Haunts BlackBerry
Ryan Naraine writes on the ZDNet "Zero Day" Blog:
Security alerts aggregator Secunia has raised an alarm for a “highly critical” vulnerability that puts users of the BlackBerry Enterprise Server at risk of code execution attacks.More here.
Technical details of bug are not available but Secunia says it is caused by an unspecified error in the BlackBerry Attachment Service when processing PDF files.
The vulnerability is reported in versions 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 5 (4.1.5). Other versions may also be affected. It carries a CVSS Base Score of 9.0.