BlackBerry < 10.1.0.1880 Multiple Flash Player Code Execution Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The version of BlackBerry 10 OS on the mobile device is affected by
multiple remote code execution vulnerabilities.

Description :

The mobile device uses a version of BlackBerry 10 OS that is older than
10.1.0.1880. It is, therefore, affected by the following
vulnerabilities in the version of Flash Player supplied with it :

- Multiple memory corruption errors exist that could lead
to code execution. (CVE-2013-1378, CVE-2013-1379,
CVE-2013-1380)

- An integer overflow error exists that could lead to code
execution. (CVE-2013-2555)

Note that this plugin has relied solely on the version of the installed
OS and has not attempted to verify whether Flash content is disabled in
the device's browser.

See also :

http://www.blackberry.com/btsc/KB35565

Solution :

Upgrade to BlackBerry 10.1.0.1880 or later.

Alternatively, refer to the vendor's advisory to disable Flash
content.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mobile Devices

Nessus Plugin ID: 71992

Bugtraq ID: 58396, 58947, 58949, 58951

CVE ID: CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555