BlackBerry Enterprise Server PNG Attachment Buffer Overflow

medium Nessus Plugin ID 20982

Synopsis

The remote Windows application is affected by a buffer overflow vulnerability.

Description

The version of BlackBerry Enterprise Server installed on the remote host is reportedly affected by a heap-based buffer overflow that can be triggered by a malformed PNG attachment. Exploitation of this issue may cause the Attachment Service to stop responding or crash, and may even allow execution of arbitrary code subject to the privileges under which the application runs, generally 'Administrator'.

Solution

Install the appropriate service pack / hotfix as described in the vendor advisory referenced under See Also.

See Also

http://www.nessus.org/u?c10eb5db

Plugin Details

Severity: Medium

ID: 20982

File Name: blackberry_es_png_attachment_overflow.nasl

Version: 1.13

Type: local

Published: 2/27/2006

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:rim:blackberry_enterprise_server

Required KB Items: BlackBerry_ES/Product, BlackBerry_ES/Version

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/6/2006

Reference Information

CVE: CVE-2005-2344

BID: 16204