A new vulnerability has been found in the BlackBerry web application loader.


BlackBerry maker Research In Motion has warned users about a newly discovered vulnerability that could potentially enable an attacker to gain remote control of the device or crash the browser.


The flaw was found in BlackBerry's web application loader, an ActiveX feature that enables the handheld to load new applications via the Internet Explorer browser. RIM claimed that ‘an exploitable buffer overflow’ exists in the BlackBerry ActiveX control.


However, it has advised users to upload the current, patched version of the web application loader, which does not have the flaw. It also said that users can disable the ActiveX control in their current browsers.


An advisory issued by US-CERT gave the vulnerability a Common Vulnerability Scoring System rating of 9.3 on a 10-point scale, which means the vulnerability is highly dangerous and potentially easy to exploit.


US-CERT said: “By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash.”