The Research in Motion (RIM) BlackBerry Attachment Service contains a vulnerability in the way the service handles PNG files. By causing the service to render a specially crafted PNG file and convincing a user to view the file on a BlackBerry Handheld device, an attacker could execute arbitrary code or cause a denial of service to the Attachment Service.
The BlackBerry Attachment Service is a component of the BlackBerry Enterprise Server (BES). The BlackBerry Attachment Service renders certain types of files sent as email attachments for display on BlackBerry Handhelds and other BlackBerry client devices. A vulnerability in the way the service renders Portable Network Graphic (PNG) format image files could allow an attacker supplying a specially crafted PNG file to execute arbitrary code or cause the service to stop functioning. A user must view the attacker-supplied attachment on a BlackBerry Handheld in order to trigger the vulnerability.
The underlying vulnerability may be related to the way PNG uses zlib.
By supplying a specially crafted PNG image as an email attachment and convincing a user to view the image on a BlackBerry Handheld, a remote, unauthenticated attacker could execute arbitrary code or cause a denial of service to the Blackberry Attachment Service. The attacker may be able to take control of a vulnerable system.
Disable PNG processing, image attachment distiller, and/or Attachment Service
This vulnerability was reported by FX of Phenoelit. Thanks to RIM for information used in this document.
This document was written by Art Manion.
|Date First Published:||2006-01-09|
|Date Last Updated:||2006-01-09 22:28 UTC|