Site Archives Mobile Phone

BlackBerry Enterprise PDF Processing Vulnerability

Posted on July 17th, 2008

GSA Reference Number: AD080717-01

Simply Put: BlackBerry Enterprise Server has a new vulnerability in its attachment processing engine.  Basically, if an attacker attaches a maliciously formatted PDF file to an email and sends it to a BlackBerry user, the server processing the attachment could become compromised.  The BlackBerry user would have to view the email attachment on his phone to trigger the attack.  This is a vulnerability in the BlackBerry server and not BlackBerry phones.  If this attack is successful, arbitrary code could be run on the Enterprise Server.