8420 : BlackBerry Desktop Software ActiveX control (lnsresobject.dll) code execution

High RiskHigh Risk

Quick Links

Event description Jump to the top of this document

BlackBerry Desktop Software could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the Lotus Notes Intellisync ActiveX control (Insresobject.dll). By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause the affected application to crash.

Products that have this security check Jump to the top of this document

BlackberryInsresobjectCodeExecution


Affected platforms Jump to the top of this document

How to remove this vulnerability Jump to the top of this document

Refer to Blackberry KB19701 for patch, upgrade or suggested workaround information. See References.

References Jump to the top of this document

DOE-CIRC TECHNICAL BULLETIN T-265
BlackBerry Desktop Manager ActiveX Control Remote Code Execution Vulnerability
http://www.doecirc.energy.gov/bulletins/t-265.shtml

Blackberry KB19701
Vulnerability in the BlackBerry Desktop Manager allows remote code execution
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19701

BugTraq
BlackBerry Desktop Manager ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36903

Common Vulnerabilities and Exposures
Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0306

Information about this document Jump to the top of this document

The information contained in this document may change without notice, and may have been altered or changed if you have received it from a source other than Internet Security Systems. Use of this information constitutes acceptance for use in an "AS IS" condition, without warranties of any kind, and any use of this information is at the user's own risk. Internet Security Systems disclaims all warranties, either expressed or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Internet Security Systems be liable for any damages whatsoever, including direct, indirect, incidental, consequential or special damages, arising from the use or dissemination hereof, even if Internet Security Systems has been advised of the possibility of such damages.

Copyright © 1997 – 2014 IBM Internet Security Systems. All rights reserved.

This page was created on Wed Jul 16 00:58:57 2014