CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.0%
A buffer overflow vulnerability in BlackBerry Enterprise Server may allow a remote attacker to execute arbitrary code.
A buffer overflow vulnerability exists in the BlackBerry Attachment Service component of BlackBerry Enterprise Server. This vulnerability may allow a remote attacker to execute arbitrary code when the service fails to handle a malformed Microsoft Word (.doc) document.
BlackBerry states that the following systems are vulnerable:
* BlackBerry Enterprise Server 2.2 and later for IBM Lotus Domino
* BlackBerry Enterprise Server 3.6 and later for Microsoft Exchange
* BlackBerry Enterprise Server 4.0 and later for Novell GroupWise
A remote attacker who can successfully convince a user to open a malicious Microsoft Word attachment on a BlackBerry Handheld device may be able to execute arbitrary code and compromise a vulnerable server.
BlackBerry provides the following solutions:
Microsoft Exchange
* For BlackBerry Enterprise Server 3.6, Install Service Pack 7.
* For BlackBerry Enterprise Server 4.0, Install Service Pack 3, then install version 4.0 Service Pack 3 Hotfix 3.
IBM Lotus Domino
* For BlackBerry Enterprise Server 2.2, a resolution for this issue has been developed and is currently undergoing testing. A software upgrade will be made available as soon as testing is complete.
* For BlackBerry Enterprise Server 4.0, install Service Pack 3, then install version 4.0 Service Pack 3 Hotfix 4.
Novell GroupWise
* Install BlackBerry Enterprise Server 4.0 Service Pack 3, then install version 4.0 Service Pack 3 Hotfix 1.
Workarounds
BlackBerry provides the following workaround:
BlackBerry Enterprise Server administrators can exclude Microsoft Word (.doc) files from being processed by the Attachment Service in the BlackBerry Enterprise Server, or disable the Attachment Service completely.
To Exclude Microsoft Word (.doc) files from being processed by the Attachment Service:
Even though the .doc extension has been removed from the list of supported file types, the Attachment Service may automatically detect a .doc file with a renamed extension and attempt to process the file. Administrators may need to disable the Attachment Service.
To disable the Attachment Service
520718
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 17, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see BlackBerry Knowledgebase Article KB-04791
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23520718 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by BlackBerry.
This document was written by Katie Washok.
CVE IDs: | CVE-2006-0761 |
---|---|
Severity Metric: | 0.59 Date Public: |