[dgrover]

HIGH: BlackBerry Desktop Software ActiveX Control Multiple Vulnerabilities

Affected:

BlackBerry Desktop Software versions 4.2.2 through 4.7



Description: BlackBerry Desktop Software is the desktop software used to manage a BlackBerry handheld device. Part of its functionality is provided by an ActiveX control, the FlexNET Connect control. This control was previously discovered to contain multiple vulnerabilities. BlackBerry Desktop Software uses a vulnerable version of this control. A specially crafted web page that instantiates this control could trigger these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Technical details are publicly available for this vulnerability.



Status: Vendor confirmed, updates available.



References:

BlackBerry Advisory
Updating an ActiveX control that the Roxio Media Manager uses

Secunia Security Advisory
BlackBerry Desktop Software FlexNET Connect ActiveX Control Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com

Vendor Home Page
BlackBerry

SecurityFocus BID
Not yet available.

See:
Updating an ActiveX control that the Roxio Media Manager uses

[ballroomdru]

Is there a fix/work around for this issue?

Posted from my CrackBerry at wapforums.crackberry.com

[GapBoyPCS]

Basically download the latest version of DM.

Oddly enough, I'm looking at the release date of that notice and when I downloaded DM 4.7. Either it updated already for me, or maybe this is slightly old news?