BlackBerry Desktop Software < 6.0 B47 Path Subversion Arbitrary DLL Injection Code Execution

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a program that is affected by a DLL
loading vulnerability.

Description :

BlackBerry Desktop Software has a DLL loading vulnerability that
occurs when the program searches for a DLL file in the current working
directory. Attackers may exploit the issue by placing a specially
crafted DLL file and another file associated with the application in
a location controlled by the attacker. When the associated file is
launched, the attacker's arbitrary code can be executed.

See also :

http://www.blackberry.com/btsc/KB24242

Solution :

Upgrade to BlackBerry Desktop Software 6.0 B47 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 49674 (blackberry_desktop_software_6_0_b47.nasl)

Bugtraq ID: 43139

CVE ID: CVE-2010-2600
