By Thomas Claburn
February 10, 2009
Research In Motion (NSDQ: RIMM) (RIM) on Tuesday issued a security
advisory to those of its BlackBerry customers who are using BlackBerry
Application Web Loader Version 1.0 and Microsoft (NSDQ: MSFT) Internet
A vulnerability in the BlackBerry Application Web Loader ActiveX control
could allow an attacker to execute code remotely or to cause Microsoft
Internet Explorer to crash, the company said.
"An exploitable buffer overflow exists in the BlackBerry Application Web
Loader ActiveX control that Internet Explorer uses to install
applications on BlackBerry devices," RIM explains in its advisory. "When
a BlackBerry device user browses to a Web site that is designed to
install the BlackBerry Application Web Loader ActiveX control on
BlackBerry devices over a USB connection, and clicks 'Yes' to install
and run the ActiveX control, the ActiveX control introduces the
vulnerability to the computer."
RIM's warning comes in conjunction with a security advisory issued by
Microsoft that updates its ActiveX kill bit list to include a kill bit
to prevent the BlackBerry Application Web Loader ActiveX control from
Best Selling Security Books & More!