RIM has warned BlackBerry users that two vulnerabilities could prevent them from opening attachments.
The first vulnerability allows an attacker to use a corrupt TIFF image file to cause a heap overflow that can stop a user from viewing attachments. The US Computer Emergency Readiness Team (US-CERT) has issued an advisory noting the existence of the vulnerability and referred users to RIM for remediation.
In a posting on its support website, RIM said it was aware of the vulnerability and will fix the problem in future releases of BlackBerry Enterprise Server. In the meantime, the company suggested that administrators use a workaround that blocks TIFF attachments.
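A mail-gateway check in the spirit of the TIFF-blocking workaround, as an added example (not RIM's workaround and not code from the advisory): it flags attachments by declared MIME type, file extension and leading TIFF magic bytes, so the match does not depend on the file name alone. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# A TIFF file starts with a byte-order mark followed by the number 42:
# "II*\0" (little-endian) or "MM\0*" (big-endian).
TIFF_MAGIC = (b"II*\x00", b"MM\x00*")
TIFF_TYPES = {"image/tiff", "image/x-tiff"}
TIFF_EXTS = (".tif", ".tiff")

def tiff_reasons(part):
    """Return the reasons a MIME part looks like a TIFF (empty list if none)."""
    reasons = []
    if part.get_content_type() in TIFF_TYPES:
        reasons.append("content-type")
    if (part.get_filename() or "").lower().endswith(TIFF_EXTS):
        reasons.append("extension")
    payload = part.get_payload(decode=True) or b""  # transfer-decoded bytes
    if payload[:4] in TIFF_MAGIC:
        reasons.append("magic")
    return reasons

def find_tiff_parts(raw_bytes):
    """List (filename, reasons) for every leaf part that should be blocked."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        reasons = tiff_reasons(part)
        if reasons:
            hits.append((part.get_filename(), reasons))
    return hits

def build_sample():
    """Constructed test message: a TIFF, a renamed TIFF and a PDF."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    header = b"II*\x00\x08\x00\x00\x00"  # TIFF header bytes only, no image data
    msg.add_attachment(header, maintype="image", subtype="tiff", filename="scan.tif")
    msg.add_attachment(header, maintype="application", subtype="octet-stream",
                       filename="report.dat")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf",
                       filename="doc.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, why in find_tiff_parts(build_sample()):
        print(f"block {name}: {', '.join(why)}")
```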
The second vulnerability is exploited by sending malformed protocol packets that cause a denial of service for all BlackBerry Enterprise Server communication. This vulnerability normally applies only to internal users but can be exploited by an external attacker who is able to manipulate DNS queries, RIM said.
The company advised customers to ensure that the BlackBerry Enterprise Server and BlackBerry Router are behind a properly configured firewall to protect them from external attacks. It also advised companies to create static entries in their DNS or hosts tables for the BlackBerry Infrastructure to minimise the risk of DNS hijacking.
RIM has said it will eliminate this vulnerability in a future software release.