DarkFiber Consulting – IT Managed Services

Research In Motion Releases Advisory for BlackBerry PDF Distiller Vulnerabilities

December 10th, 2009 . by DarkFiber Consulting

Research In Motion has released a security advisory to address multiple vulnerabilities in the PDF distiller of some released versions of the BlackBerry Attachment Service. The advisory lists the affected versions as BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows version 2003 or 2008, BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows 2000, BlackBerry Enterprise Server software versions 4.1.3 through 4.1.7, and BlackBerry Professional Software 4.1.4. By convincing a user to view a specially crafted PDF file, an attacker may be able to execute arbitrary code or cause a denial-of-service condition on the system that hosts the BlackBerry Attachment Service.

DarkFiber Consulting encourages users and administrators to review BlackBerry security advisory KB19860 and apply any necessary updates.

Microsoft Releases Security Advisory (961040)

December 23rd, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 961040 to address reports of attacks against a new vulnerability in Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine, and Windows Internal Database. The vulnerability occurs in the extended stored procedure “sp_replwritetovarbin”. Exploitation of this vulnerability may allow an authenticated attacker to execute arbitrary code. Additionally, if a web application is vulnerable to SQL injection, an unauthenticated, remote attacker may be able to execute arbitrary code.

DarkFiber Consulting encourages users to review the Microsoft Security Advisory 961040 and implement any Suggested Actions to help mitigate the risks.