New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisThe remote Windows host has an application that is affected by multiple vulnerabilities.
DescriptionThe version of BlackBerry Enterprise Server on the remote host reportedly contains multiple remote code execution vulnerabilities in its image processing library :
- The 'TIFFReadDirectory()' function in 'tif_dirread.c' is affected by a buffer overflow vulnerability that can be triggered via a specially crafted TIFF image, potentially leading to arbitrary code execution.
- A flaw in handling PixarLog compressed TIFF images may be triggered via a specially crafted TIFF image, potentially leading to arbitrary code execution.
SolutionInstall the Interim Security Software Update for February 12th 2013, or upgrade to at least 5.0.4 MR1 for Novell GroupWise / 5.0.4 MR1 for IBM Lotus Domino / 5.0.4 MR1 for Microsoft Exchange.