Metric | Value |
---|---|
CVSS2 | 2.6 Low |
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:H/Au:N/C:N/I:N/A:P |
EPSS | 0.03 Low |
EPSS Percentile | 91.0% |
The Research in Motion (RIM) BlackBerry Handheld web browser is vulnerable to a denial of service via a specially crafted Java Application Description (JAD) file.
The BlackBerry Handheld web browser does not properly handle malformed JAD files. In J2ME, JAD files describe Java applications (icons, size, description, vendor, platform requirements, etc.) to the BlackBerry Handheld. From RIM Technical Knowledge Center article KB-04755:
If the JAD file is formatted to contain a long application name and vendor string (i.e., 256 or more characters) to your BlackBerry device, the browser appears to stop responding.
…
A browser dialog is not properly dismissed. The browser displays the application name or vendor string on the download screen (this appears as several lines). The long application name indicates that there may be problems with the JAD file and caution should be exercised when downloading the application.
By convincing a user to access a specially crafted JAD file, an unauthenticated, remote attacker could cause the browser to hang.
Upgrade
According to RIM Technical Knowledge Center article KB-04755: “Install BlackBerry Device Software 4.0.2 or later. To obtain the most recent version of the device software, contact your service provider.”
Bypass browser dialog
To bypass the browser dialog, start a new browser application, or click on a URL from an email message.
Reset BlackBerry Handheld device
If necessary, reset the BlackBerry Handheld by removing and re-inserting the battery.
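For operators who serve or relay JAD files to handhelds that cannot yet be upgraded, the following added example (not code from RIM or from this note) checks a descriptor for the condition quoted above from KB-04755 before it reaches the device. It assumes the "application name" and "vendor string" are the standard MIDP descriptor attributes `MIDlet-Name` and `MIDlet-Vendor`; the function names and the sample descriptor are constructed for illustration.

```python
import re

# Threshold quoted on this page from KB-04755: "256 or more characters".
MAX_FIELD_LEN = 256
# Assumption: the page's "application name" and "vendor string" map to
# the standard MIDP descriptor attributes below.
CHECKED_ATTRS = ("MIDlet-Name", "MIDlet-Vendor")


def parse_jad(data):
    """Parse descriptor bytes into {attribute: [values]}.

    Duplicate attributes are kept, because it is not known which copy a
    given browser would display. Leading whitespace after the colon is
    dropped; trailing whitespace is counted, erring towards flagging.
    """
    text = data.decode("utf-8", errors="replace")
    attrs = {}
    for line in re.split(r"\r\n|\r|\n", text):
        name, sep, value = line.partition(":")
        name = name.strip()
        if not sep or not name:
            continue  # blank or malformed line
        attrs.setdefault(name, []).append(value.lstrip(" \t"))
    return attrs


def overlong_fields(data, limit=MAX_FIELD_LEN):
    """Return {attribute: longest length} for values at or over limit."""
    attrs = parse_jad(data)
    findings = {}
    for attr in CHECKED_ATTRS:
        longest = max((len(v) for v in attrs.get(attr, [])), default=0)
        if longest >= limit:
            findings[attr] = longest
    return findings


# Constructed sample descriptor (not taken from the advisory).
SAMPLE_JAD = (
    b"MIDlet-Name: Example App\r\n"
    b"MIDlet-Vendor: Example Vendor\r\n"
    b"MIDlet-Version: 1.0.0\r\n"
    b"MIDlet-Jar-URL: http://downloads.example.invalid/example.jar\r\n"
    b"MIDlet-Jar-Size: 1024\r\n"
)

if __name__ == "__main__":
    print(overlong_fields(SAMPLE_JAD) or "no overlong name/vendor fields")
```

A non-empty result is a reason to withhold or quarantine the descriptor; lengths are counted in characters after UTF-8 decoding.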
829400
Updated: December 31, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see RIM Technical Knowledge Center article KB-04755.
This vulnerability was reported by FX of Phenoelit. Thanks to RIM for information used in this document.
This document was written by Art Manion.
CVE IDs: | CVE-2005-2343 |
---|---|
Severity Metric: | 2.46 |
Date Public: | |