CVE-2010-3934
https://notcve.org/view.php?id=CVE-2010-3934
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information. El navegador en Research In Motion (RIM) BlackBerry Device Software v5.0.0.593 Platform v5.1.0.147 en la BlackBerry 9700 no restringe correctamente la ejecución de dominio cruzado de JavaScript, lo cual permite a los atacantes remotos evitar la "Same Origin Policy" a través de vectores relacionados con una llamada a window.open y un elemento IFRAME. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt http://secunia.com/advisories/41536 http://securitytracker.com/id?1024506 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-2601
https://notcve.org/view.php?id=CVE-2010-2601
Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. Múltiples desbordamientos de búfer en PDF distiller en el componente Attachment Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) software v4.1.7 and earlier y v5.0.0 hasta v5.0.2, y BlackBerry Professional Software v4.1.4 and earlier, permite a atacantse asistidos por usuarios remotos causar una denegacion de servicio y probablemente ejecutar código de su elección a través de un documento PDF manipulado. • http://blackberry.com/btsc/KB24547 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3741
https://notcve.org/view.php?id=CVE-2010-3741
The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack. El mecanismo de copia de seguridad offline de Research In Motion (RIM) BlackBerry Desktop Software utiliza PBKDF2 de una sola iteración, lo que facilita a los usuarios locales a la hora de descifrar un archivo .ipd a través de un ataque de fuerza bruta. • http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords http://it.slashdot.org/story/10/10/01/166226 http://twitter.com/elcomsoft/statuses/25954970586 http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7360 • CWE-310: Cryptographic Issues •
CVE-2010-2600
https://notcve.org/view.php?id=CVE-2010-2600
Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry. Vulnerabilidad ruta de búsqueda no confiable en BlackBerry Desktop Software anterior a v6.0.0.47 permite a los usuarios locales, y posiblemente a los atacantes remotos, ejecutar código a su elección y y producir un ataque de secuestro de DLL, a través de un troyano DLL que está ubicado en la misma carpeta que un fichero que sea procesado por Blackberry. • http://secunia.com/advisories/41346 http://secunia.com/advisories/41398 http://www.blackberry.com/btsc/KB24242 http://www.securityfocus.com/bid/43139 http://www.securitytracker.com/id?1024425 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6843 •
CVE-2009-4778
https://notcve.org/view.php?id=CVE-2009-4778
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646. Múltiples vulnerabilidades no especificadas en PDF distiller en el componente Attachment Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) software v4.1.3 hasta v4.1.7 y v5.0.0, y BlackBerry Professional Software v4.1.4, permite a atacantes remotos asistidos por usuarios causar una denegación de servicio (caída de memoria) o probablemente ejecutar código de su elección a través de un fichero adjunto .pdf manipulado, una vulnerabilidad diferente que CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646. • http://secunia.com/advisories/37562 http://www.blackberry.com/btsc/KB19860 http://www.securityfocus.com/bid/37167 http://www.securitytracker.com/id?1023258 http://www.vupen.com/english/advisories/2009/3372 •