PT-2009-2971 · Blackberry+1 · Blackberry Application Web Loader+1

Andre Protas

Published

2009-02-10

Updated

2009-02-17

CVE-2009-0305

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions BlackBerry Application Web Loader version 1.0

Description The issue is related to multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control. This can be exploited by remote attackers to execute arbitrary code, potentially through the use of the load or loadJad method.

Recommendations For BlackBerry Application Web Loader version 1.0, as a temporary workaround, consider disabling the load and loadJad methods until a patch is available. Restrict access to the AxLoader ActiveX control to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-0305

Affected Products

Blackberry Application Web Loader

Rim Axloader Activex Control

PT-2009-2971 · Blackberry+1 · Blackberry Application Web Loader+1

CVE-2009-0305

Weakness Enumeration

Related Identifiers

Affected Products

References · 7