Vulnerability in the BlackBerry Desktop Manager allows remote code execution

Research In Motion (RIM) has tested the following software to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected.

Affected software: BlackBerry Desktop Software version 5.0 and earlier (on all platforms)
Non-affected software: BlackBerry® Device Software, BlackBerry® Enterprise Server

This advisory relates to a vulnerability in a Lotus Notes Intellisync DLL that the BlackBerry Desktop Manager may use. This vulnerability may allow a malicious user to perform an attack that leverages social engineering to achieve remote code execution on the computer running the BlackBerry Desktop Manager. If the legitimate (logged in) user clicks a link to a malicious web site (for example, in an email message, in a browser, or an instant message) on the computer that is running the BlackBerry Desktop Manager, a vulnerability in an Intellisync component could allow the malicious user who sent the link or created the malicious web site to execute code on the computer using the privileges of the legitimate user.

Note: The affected Lotus Notes Intellisync DLL is included by default in all BlackBerry Desktop Manager installations. This vulnerability exists whether or not the DLL is used after installation.

Issue Severity: This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.3.
Issue Status: Vulnerability confirmed. For more information, see the Resolution section.

Resolution
RIM has issued a software update that resolves this issue in BlackBerry Desktop Software version 5.0.1 and later.
Upgrade the BlackBerry Desktop Software

Note: The minimum BlackBerry Desktop Software version you can install to resolve this issue is 5.0.1.

http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19701 via http://www.us-cert.gov/current/index.html#blackberry_desktop_manager_vulnerability

Published Fri, Nov 6 2009 14:52 by donna