BlackBerry patches Enterprise Server

A vulnerability in the BlackBerry Attachment Service component of the BlackBerry Enterprise Server could allow a malicious individual to cause buffer overflow errors, leading to a DoS condition or possibly arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.

Successful exploitation of this issue requires a malicious individual to persuade a BlackBerry smartphone user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server.

The PDF file may be attached to an email message, or the BlackBerry smartphone user may retrieve it from a web site using the Get Link menu item on the BlackBerry smartphone.

RIM has resolve the vulnerability in affected versions of the BlackBerry Enterprise Server. Go here to obtain the updates.