製品・ソフトウェアに関する情報

JVN脆弱性詳細

BlackBerry Desktop Software における任意のコードを実行される脆弱性

Title	BlackBerry Desktop Software における任意のコードを実行される脆弱性
Summary	BlackBerry Desktop Software には、検索パスに関する処理に不備があるため、DLL ハイジャック攻撃を誘導され、任意のコードを実行される脆弱性が存在します。
Possible impacts	ローカルユーザおよび第三者により、Blackberry によって処理されるファイルと同じフォルダ内に格納されているトロイの木馬の DLL を介して、DLL ハイジャック攻撃を誘発され、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 9, 2010, midnight
Registration Date	March 29, 2011, 2:42 p.m.
Last Update	March 29, 2011, 2:42 p.m.

Affected System

BlackBerry

BlackBerry Desktop Software for PC

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-2600	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2600
National Vulnerability Database (NVD)
2	CVE-2010-2600	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2600

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Security Advisory
1	KB24242	http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24242

その他

No	Name	URL
JVN
1	JVNTA10-238A	http://jvn.jp/cert/JVNTA10-238A/index.html
Secunia Advisory
2	SA41346	http://secunia.com/advisories/41346
3	SA41398	http://secunia.com/advisories/41398
SecurityFocus
4	43139	http://www.securityfocus.com/bid/43139
SecurityTracker
5	1024425	http://www.securitytracker.com/id?1024425
US-CERT Technical Cyber Security Alert
6	TA10-238A	http://www.us-cert.gov/cas/techalerts/TA10-238A.html

Change Log

No	Changed Details	Date of change
0	[2011年03月29日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-2600

Summary	Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry.
Publication Date	Sept. 16, 2010, 3 a.m.
Registration Date	Jan. 29, 2021, 11:03 a.m.
Last Update	Nov. 21, 2024, 10:16 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:rim:blackberry_desktop_software:5.0.1:::::::*
cpe:2.3:a:rim:blackberry_desktop_software:3.0:::::::*
cpe:2.3:a:rim:blackberry_desktop_software:4.5:::::::*
cpe:2.3:a:rim:blackberry_desktop_software:5.0:::::::*
cpe:2.3:a:rim:blackberry_desktop_software::::::::		6.0
cpe:2.3:a:rim:blackberry_desktop_software:4.7:::::::*
cpe:2.3:a:rim:blackberry_desktop_software:4.6:::::::*
cpe:2.3:a:rim:blackberry_desktop_software:4.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://secunia.com/advisories/41346	Vendor Advisory
2	http://secunia.com/advisories/41346	Vendor Advisory
3	http://secunia.com/advisories/41398	Vendor Advisory
4	http://secunia.com/advisories/41398	Vendor Advisory
5	http://www.blackberry.com/btsc/KB24242	Patch Vendor Advisory
6	http://www.blackberry.com/btsc/KB24242	Patch Vendor Advisory
7	http://www.securityfocus.com/bid/43139
8	http://www.securityfocus.com/bid/43139
9	http://www.securitytracker.com/id?1024425
10	http://www.securitytracker.com/id?1024425
11	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6843
12	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6843

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:rim:blackberry_desktop_software:5.0.1:::::::*
cpe:2.3:a:rim:blackberry_desktop_software:3.0:::::::*
cpe:2.3:a:rim:blackberry_desktop_software:4.5:::::::*
cpe:2.3:a:rim:blackberry_desktop_software:5.0:::::::*
cpe:2.3:a:rim:blackberry_desktop_software::::::::		6.0
cpe:2.3:a:rim:blackberry_desktop_software:4.7:::::::*
cpe:2.3:a:rim:blackberry_desktop_software:4.6:::::::*
cpe:2.3:a:rim:blackberry_desktop_software:4.0:::::::*