RIM Releases Patch for Buggy ActiveX Control

From PC World: Research iIn Motion has patched a piece of software for Windows PCs that could leave them vulnerable to attack when loading new applications onto BlackBerry devices.

The flaw lies in an ActiveX control used to load third-party applications onto BlackBerrys connected to a PC via a USB cable. An ActiveX control is a small add-on program that works in a Web browser to facilitate the downloading of programs or security updates. However, the controls have been prone to vulnerabilities.

RIM said in an advisory that a vulnerability is introduced to a PC when someone runs the BlackBerry Application Web Loader Version 1.0 ActiveX control with any version of Microsoft's Internet Explorer browser. The advisory contains a link to the patch.

The vulnerability is an exploitable buffer overflow, which is a problem in memory that could allow an unauthorized program to run. RIM didn't give details on how it might be exploited.

However, the U.S. Computer Emergency Readiness Team (CERT) said an attacker could be able to execute arbitrary code with the privileges of a user by getting that user to view a specially-crafted HTML document. It could also cause Internet Explorer to crash, CERT wrote in an advisory.

View: Article @ Source Site