Research in Motion (RIM) has offered a fix to address a vulnerability in the BlackBerry desktop manager.
Security advisory KB19701 claimed that a malicious user could perform an attack designed to deceive the legitimate user into clicking on a link to a malicious website that appears to be from a trusted source. If a user chose to access that site from the computer that is running the BlackBerry desktop manager, they may be able to perform remote code execution using the legitimate user's privileges on the computer.
The BlackBerry desktop manager does not need to be running for a malicious user to exploit this vulnerability. The vulnerability was given a CVSS severity rating of 9.3 and applies to BlackBerry desktop software version 5.0 and earlier on all platforms, so it warrants immediate attention.
The United States computer emergency readiness team (US-CERT) encouraged users to review the advisory and apply any necessary updates.
See original article on scmagazineus.com
RIM offers patch for Blackberry desktop manager
By
SC Australia Staff
on Nov 9, 2009 11:11AM
Risk of remote code execution.
