Vulnerability Note VU#289235

The BlackBerry Attachment Service is a component of the BlackBerry Enterprise Server (BES) and BlackBerry Unite!. The BlackBerry Attachment Service renders certain types of files sent as email attachments for display on BlackBerry Handhelds and other BlackBerry client devices. An unspecified vulnerability in the PDF distiller component of the BlackBerry Attachment Service may allow arbitrary code execution on the system that runs the vulnerable service.

By convincing a user to open a specially-crafted PDF attachment on a BlackBerry smartphone, a remote, unauthenticated attacker may be able to execute arbitrary code on the system that runs the BlackBerry Attachment Service.

Apply an update

This issue is addressed in BlackBerry Enterprise Server 4.1 Service Pack 6 (4.1.6). Please see BlackBerry document KB15766 for more details.
This issue is also addressed in BlackBerry Unite! 1.0 Service Pack 1 (1.0.1) bundle 36. Please see BlackBerry document KB15770 for more details.

Prevent the BlackBerry Attachment Service from processing PDF files

BlackBerry document KB15766 and KB15770 outline several ways of preventing the BlackBerry Enterprise Server and BlackBerry Unite! from processing PDF files, which can help mitigate this vulnerability.