BlackBerry < 10.1.0.1880 Multiple Flash Player Code Execution Vulnerabilities

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The version of BlackBerry 10 OS is affected by multiple remote code
execution vulnerabilities.

Description :

The mobile device uses a version of BlackBerry 10 OS that is prior to
10.1.0.1880. It is, therefore, affected by the following
vulnerabilities in the version of Flash Player supplied with it :

- Multiple memory corruption issues exist that allow an
unauthenticated, remote attacker to cause a denial of
service or to execute arbitrary code. (CVE-2013-1378,
CVE-2013-1379, CVE-2013-1380)

- An integer overflow condition exists that allows an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2013-2555)

Note that this plugin has relied solely on the version of the
installed OS and has not attempted to verify whether Flash content is
disabled in the device's browser.

See also :

http://support.blackberry.com/kb/articleDetail?ArticleNumber=000035565

Solution :

Upgrade to BlackBerry version 10.1.0.1880 or later. Alternatively,
refer to the vendor's advisory to disable Flash content.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mobile Devices

Nessus Plugin ID: 71992

Bugtraq ID: 58396, 58947, 58949, 58951

CVE ID: CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555