Summary
| Detail | |||
|---|---|---|---|
| Vendor | Rim | First view | 2009-11-04 |
| Product | Blackberry Desktop Software | Last view | 2010-12-17 |
| Version | 1.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:rim:blackberry_desktop_software | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 2.1 | 2010-12-17 | CVE-2010-2603 | RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack. |
| 9.3 | 2010-09-15 | CVE-2010-2600 | Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry. |
| 9.3 | 2009-11-04 | CVE-2009-0306 | Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-310 | Cryptographic Issues |
| 50% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 69928 | BlackBerry Desktop Software Database Backup File Password Brute Force Weakness |
| 67992 | BlackBerry Desktop Software Path Subversion Arbitrary DLL Injection Code Exec... |
| 59748 | IBM Lotus Notes Intellisync in BlackBerry Desktop Manager lnresobject.dll Act... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-02-01 | Name : BlackBerry Desktop Software Information Disclosure Vulnerability File : nvt/secpod_blackberry_desktop_sec_bypass_vuln.nasl |
| 2010-09-23 | Name : BlackBerry Desktop Software Insecure Library Loading Vulnerability File : nvt/secpod_blackberry_desktop_insecure_lib_load_vuln_win.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2010-A-0132 | BlackBerry Desktop Software Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0025352 |
| 2009-A-0112 | Blackberry Desktop Manager Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0021926 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-12-30 | Name: The remote Windows host contains a program that uses a weak password to encry... File: blackberry_desktop_software_6_0_1.nasl - Type: ACT_GATHER_INFO |
| 2010-09-24 | Name: The remote Windows host contains a program that is affected by a DLL loading ... File: blackberry_desktop_software_6_0_b47.nasl - Type: ACT_GATHER_INFO |
| 2009-11-04 | Name: The remote Windows host has an ActiveX control that is allows remote executio... File: blackberry_intellisync_activex_cmd_exec.nasl - Type: ACT_GATHER_INFO |
