Detections
Analytics

BlackBerry Enterprise Server TIFF Image Processing Vulnerabilities (KB33425)

high Nessus Plugin ID 65643

Language:

Synopsis

The remote Windows host has an application that is affected by multiple vulnerabilities.

Description

The version of BlackBerry Enterprise Server on the remote host reportedly contains multiple remote code execution vulnerabilities in its image processing library :

 - The 'TIFFReadDirectory()' function in 'tif_dirread.c' is affected by a buffer overflow vulnerability that can be triggered via a specially crafted TIFF image, potentially leading to arbitrary code execution.
 (CVE-2012-2088)

 - A flaw in handling PixarLog compressed TIFF images may be triggered via a specially crafted TIFF image, potentially leading to arbitrary code execution.
 (CVE-2012-4447)

Solution

Install the Interim Security Software Update for February 12th 2013, or upgrade to at least 5.0.4 MR1 for Novell GroupWise / 5.0.4 MR1 for IBM Lotus Domino / 5.0.4 MR1 for Microsoft Exchange.

See Also

https://salesforce.services.blackberry.com/kbredirect/KB33425

http://www.nessus.org/u?5c3b6747

Plugin Details

Severity: High

ID: 65643

File Name: blackberry_es_tiff_kb33425.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 3/21/2013

Updated: 11/27/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2012-2088

Vulnerability Information

CPE: cpe:/a:rim:blackberry_enterprise_server

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 2/12/2013

Vulnerability Publication Date: 2/12/2013

Reference Information

CVE: CVE-2012-2088, CVE-2012-4447

BID: 54270, 55673

IAVA: 2013-A-0048