A buffer overflow vulnerability in BlackBerry Enterprise Server may allow a remote attacker to execute arbitrary code.
A buffer overflow vulnerability exists in the BlackBerry Attachment Service component of BlackBerry Enterprise Server. This vulnerability may allow a remote attacker to execute arbitrary code when the service fails to handle a malformed Microsoft Word (.doc) document.
BlackBerry states that the following systems are vulnerable:
A remote attacker who can successfully convince a user to open a malicious Microsoft Word attachment on a BlackBerry Handheld device may be able to execute arbitrary code and compromise a vulnerable server.
BlackBerry provides the following solutions: