www.gladtech.net

BlackBerry Enterprise PDF Processing Vulnerability

Posted on July 17th, 2008 by Ryan Spanier

GSA Reference Number: AD080717-01

Simply Put: BlackBerry Enterprise Server has a new vulnerability in its attachment processing engine.  Basically, if an attacker attaches a maliciously formatted PDF file to an email and sends it to a BlackBerry user, the server processing the attachment could become compromised.  The BlackBerry user would have to view the email attachment on his phone to trigger the attack.  This is a vulnerability in the BlackBerry server and not BlackBerry phones.  If this attack is successful, arbitrary code could be run on the Enterprise Server.

Multi-Vendor DNS Spoofing Vulnerability

Posted on July 9th, 2008 by Ryan Spanier

GSA Reference Number: AD080709-01

Simply Put: Recently, multiple vendors have released patches to address a vulnerability in the DNS protocol.  DNS is used for resolving host names and web addresses to IP addresses on the Internet.  DNS servers will send out queries to other DNS servers when they receive a request for a host not stored in their database.  When that happens, an attacker can respond to the request with a specially crafted packet containing a malicious IP address.  Since the DNS server accepts the first response it receives, this IP address will be written to the server's database and served to its users.  Consequently, a user who tries to go to a website might be redirected to a malicious website instead.

Microsoft Access Snapshot Viewer ActiveX Vulnerability

Posted on July 8th, 2008 by Ryan Spanier

GSA Reference Number: AD080708-01

Simply Put: Microsoft Access included with Microsoft Office 2000 through 2003, including Office XP, is vulnerable to remote exploitation through Internet Explorer.  If a user with MS Access installed browses to a malicious website, arbitrary files could be copied to the user's machine. The vulnerability can be used to run malicious code on a user’s machine without notification or permission. Gladiator feels this issue is extremely critical.

Previous Articles

Adobe Flash Player Zero-Day Vulnerability

Posted on May 28th, 2008 by Ryan Spanier

Economic Stimulus Refund IRS Phishing Advisory

Posted on May 12th, 2008 by Ryan Spanier

Apple Quicktime Zero-Day Advisory

Posted on April 29th, 2008 by Ryan Spanier

Cisco IOS Advisory

Posted on March 27th, 2008 by Ryan Spanier

Gladiator Research and Security

This site is here to provide security-related information and articles to better protect your financial institutions. We'll be posting advisories, blog entries and trends often, so be sure to check back weekly.