Research In Motion Ltd. has patched a piece of software for Windows PCs that could leave them vulnerable to attack when loading new applications onto BlackBerry devices.
The flaw lies in an ActiveX control used to load third-party applications onto BlackBerries connected to a PC via a USB cable. An ActiveX control is a small add-on program that works in a Web browser to facilitate the downloading of programs or security updates. However, the controls have been prone to vulnerabilities.
RIM said in a security advisory that a vulnerability is introduced to a PC when someone runs the BlackBerry Application Web Loader Version 1.0 ActiveX control with any version of Microsoft Corp.'s Internet Explorer browser. The advisory contains a link to the patch.
The vulnerability is an exploitable buffer overflow, a memory-handling error that could allow an unauthorized program to run on affected systems. RIM didn't give details on how the flaw might be exploited.
However, the U.S. Computer Emergency Readiness Team (US-CERT) said an attacker could execute arbitrary code with the user's privileges by getting the user to view a specially crafted HTML document. The vulnerability could also cause IE to crash, according to an advisory issued by US-CERT.
The flaw was given a score of 9.3 on the Common Vulnerability Scoring System, a tool used by vendors to evaluate the potential dangers of vulnerabilities. A CVSS score of 10 is the highest possible, and anything above seven is considered highly dangerous.
RIM advised users to apply the new software patch. In Microsoft's latest security updates on Tuesday, the software vendor also released a "kill bit" for the affected ActiveX control to block it from running within IE.
Source: Computerworld