Detections
Analytics

BlackBerry < 10.1.0.1880 Multiple Flash Player Code Execution Vulnerabilities

critical Nessus Plugin ID 71992

Language:

Synopsis

The version of BlackBerry 10 OS is affected by multiple remote code execution vulnerabilities.

Description

The mobile device uses a version of BlackBerry 10 OS that is prior to 10.1.0.1880. It is, therefore, affected by the following vulnerabilities in the version of Flash Player supplied with it :

 - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to cause a denial of service or to execute arbitrary code. (CVE-2013-1378, CVE-2013-1379, CVE-2013-1380)

 - An integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2013-2555)

Note that this plugin has relied solely on the version of the installed OS and has not attempted to verify whether Flash content is disabled in the device's browser.

Solution

Upgrade to BlackBerry version 10.1.0.1880 or later. Alternatively, refer to the vendor's advisory to disable Flash content.

See Also

http://support.blackberry.com/kb/articleDetail?ArticleNumber=000035565

Plugin Details

Severity: Critical

ID: 71992

File Name: blackberry_10_1_0_1880.nbin

Version: 1.95

Type: local

Published: 1/16/2014

Updated: 9/4/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-2555

Vulnerability Information

CPE: cpe:/a:adobe:flash_player, cpe:/o:blackberry:blackberry_os

Required KB Items: mdm/dependency/unlocked

Exploit Ease: No known exploits are available

Patch Publication Date: 5/14/2013

Vulnerability Publication Date: 3/7/2013

Reference Information

CVE: CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555

BID: 58396, 58947, 58949, 58951