RIM BlackBerry DoS (Meeting Location)
RIM BlackBerry is a Java-based wireless connectivity solution providing phone, e-mail, and other services on a variety of handheld devices.
* RIM BlackBerry 7230 with RIM BlackBerry Operating System software version 220.127.116.11. The BlackBerry was synchronized with a Microsoft Exchange server using BlackBerry Enterprise Server for Microsoft Exchange.
* The issue has been corrected in BlackBerry handheld software version 3.8 and above.
Insufficient validation of incoming calendar data makes it possible to cause a buffer overflow condition leading to stack corruption. As a result, it is possible to reboot the device (all stored messages will be lost, since RAM storage will be reinitialized).
The issue can easily be reproduced by sending a standard Microsoft Outlook meeting request message with a very long string (over 128K) in the Location: field.
To force immediate user notification, set the meeting date/time to the past. The BlackBerry reboots when it tries to notify the user. No user action is required. It is possible to render a BlackBerry device completely useless by queuing a number of such messages into the user's mailbox.
The vendor has issued an official advisory which can be found at: Support – RIM analysis of HexView advisory titled BlackBerry buffer overflow, DoS, and data loss
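A gateway-side check for the condition described above, as an added example that is not part of the original advisory or the vendor's fix. It assumes the meeting request reaches the filter as iCalendar (RFC 5545) text and unfolds continuation lines first, because a long Location value arrives split across many short lines and a per-line length check would miss it. `MAX_LOCATION_BYTES` is a hypothetical local policy limit, and the invites are constructed samples.

```python
import re

# Assumption: local policy value, not from the advisory (which only
# states that strings over 128K trigger the fault).
MAX_LOCATION_BYTES = 1024

def unfold(ics_text):
    """Undo RFC 5545 folding: a line break followed by space/tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text)

def oversized_locations(ics_text, limit=MAX_LOCATION_BYTES):
    """Return the byte length of every LOCATION value longer than `limit`."""
    hits = []
    for line in unfold(ics_text).splitlines():
        # Everything after the first colon is measured; if a quoted parameter
        # contains a colon this overcounts slightly, which is the safe direction.
        name, sep, value = line.partition(":")
        # The property name may carry parameters, e.g. LOCATION;LANGUAGE=en-US
        if sep and name.split(";", 1)[0].upper() == "LOCATION":
            size = len(value.encode("utf-8"))
            if size > limit:
                hits.append(size)
    return hits

def fold(line, width=75):
    """Fold one content line the way a sending client would (sample helper)."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\r\n".join(parts)

def sample_invite(location):
    """Constructed meeting request used only to exercise the check."""
    return "\r\n".join([
        "BEGIN:VCALENDAR", "VERSION:2.0", "METHOD:REQUEST",
        "BEGIN:VEVENT", "SUMMARY:Planning",
        fold("LOCATION;LANGUAGE=en-US:" + location),
        "END:VEVENT", "END:VCALENDAR", ""])

def longest_raw_line(ics_text):
    """What a naive per-line check would see before unfolding."""
    return max(len(l) for l in ics_text.splitlines())

if __name__ == "__main__":
    for loc in ("Room 4", "A" * 5000):
        invite = sample_invite(loc)
        print(longest_raw_line(invite), oversized_locations(invite))
```

A message for which `oversized_locations` returns a non-empty list can be quarantined or have the field truncated before it is relayed to handhelds running software older than the fixed version.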