5 results (0.008 seconds)

CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0

RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack. RIM BlackBerry Desktop Software v4.7 hasta v6.0 para PC, y v1.0 para Mac, utiliza una contraseña débil para cifrar un archivo de copia de seguridad de la base de datos, lo que hace que sea más fácil para los usuarios locales descifrar el archivo a través de un ataque de fuerza bruta. • http://secunia.com/advisories/42657 http://secunia.com/advisories/42661 http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24764 http://www.securityfocus.com/bid/45434 http://www.securitytracker.com/id?1024908 • CWE-310: Cryptographic Issues •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack. El mecanismo de copia de seguridad offline de Research In Motion (RIM) BlackBerry Desktop Software utiliza PBKDF2 de una sola iteración, lo que facilita a los usuarios locales a la hora de descifrar un archivo .ipd a través de un ataque de fuerza bruta. • http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords http://it.slashdot.org/story/10/10/01/166226 http://twitter.com/elcomsoft/statuses/25954970586 http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7360 • CWE-310: Cryptographic Issues •

CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0

Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry. Vulnerabilidad ruta de búsqueda no confiable en BlackBerry Desktop Software anterior a v6.0.0.47 permite a los usuarios locales, y posiblemente a los atacantes remotos, ejecutar código a su elección y y producir un ataque de secuestro de DLL, a través de un troyano DLL que está ubicado en la misma carpeta que un fichero que sea procesado por Blackberry. • http://secunia.com/advisories/41346 http://secunia.com/advisories/41398 http://www.blackberry.com/btsc/KB24242 http://www.securityfocus.com/bid/43139 http://www.securitytracker.com/id?1024425 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6843 •

CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 0

Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer en el control ActiveX Intellisync en lnresobject.dll in BlackBerry Desktop Manager en Research In Motion (RIM) BlackBerry Desktop Software anterior a v5.0.1, permite a atacantes remotos ejecutar código de su elección a través de una página web manipulada. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19701 http://www.securityfocus.com/bid/36903 http://www.vupen.com/english/advisories/2009/3133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.6EPSS: 3%CPEs: 23EXPL: 0

Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed. • http://securitytracker.com/id?1015428 http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/?nodeid=1167791 http://www.kb.cert.org/vuls/id/829400 http://www.securityfocus.com/bid/16099 http://www.vupen.com/english/advisories/2006/0011 •