BlackBerry Desktop Software ActiveX Vulnerability

Posted on December 5th, 2008 by Ryan Spanier

GSA Reference Number: AD081204-01

Simply Put: BlackBerry Desktop Software 4.2.2 through 4.7 is vulnerable to remote system compromise because it includes a vulnerable ActiveX control from FlexNET. A malicious website can exploit an ActiveX vulnerability through Internet Explorer.

Attack Details: The FlexNET ActiveX control was found vulnerable to remote code execution in 2007. BlackBerry was distributing the vulnerable version with its Desktop Software product, which BlackBerry owners use to sync files and settings with their desktop computers. A malicious website could call the vulnerable ActiveX control and use it to run arbitrary commands on the visiting user's system.

Countermeasures: The vendor has released a patch for this vulnerability. Gladiator recommends that all users upgrade their BlackBerry Desktop Software.
