BlackBerry Enterprise Server TIFF Image Processing Vulnerabilities (KB33425)
Critical Nessus Plugin ID 65643
Synopsis
The remote Windows host has an application that is affected by multiple vulnerabilities.
Description
The version of BlackBerry Enterprise Server on the remote host reportedly contains multiple remote code execution vulnerabilities in its image processing library:
- The 'TIFFReadDirectory()' function in 'tif_dirread.c' is affected by a buffer overflow vulnerability that can be triggered via a specially crafted TIFF image, potentially leading to arbitrary code execution.
- A flaw in handling PixarLog compressed TIFF images may be triggered via a specially crafted TIFF image, potentially leading to arbitrary code execution.
Solution
Install the Interim Security Software Update for February 12th 2013, or upgrade to at least 5.0.4 MR1 for Novell GroupWise / 5.0.4 MR1 for IBM Lotus Domino / 5.0.4 MR1 for Microsoft Exchange.