1. dgrover's Avatar
    HIGH: BlackBerry Desktop Software ActiveX Control Multiple Vulnerabilities

    Affected:

    BlackBerry Desktop Software versions 4.2.2 through 4.7



    Description: BlackBerry Desktop Software is the desktop software used to manage a BlackBerry handheld device. Part of its functionality is provided by an ActiveX control, the FlexNET Connect control. This control was previously discovered to contain multiple vulnerabilities. BlackBerry Desktop Software uses a vulnerable version of this control. A specially crafted web page that instantiates this control could trigger these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Technical details are publicly available for this vulnerability.



    Status: Vendor confirmed, updates available.



    References:

    BlackBerry Advisory
    Updating an ActiveX control that the Roxio Media Manager uses

    Secunia Security Advisory
    BlackBerry Desktop Software FlexNET Connect ActiveX Control Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com

    Vendor Home Page
    BlackBerry

    SecurityFocus BID
    Not yet available.

    See:
    Updating an ActiveX control that the Roxio Media Manager uses
    11-28-08 06:30 PM
  2. ballroomdru's Avatar
    Is there a fix/work around for this issue?

    Posted from my CrackBerry at wapforums.crackberry.com
    11-28-08 06:47 PM
  3. GapBoyPCS's Avatar
    Basically download the latest version of DM.

    Oddly enough, I'm looking at the release date of that notice and when I downloaded DM 4.7. Either it updated already for me, or maybe this is slightly old news?
    11-28-08 08:29 PM
LINK TO POST COPIED TO CLIPBOARD