Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® OS Smartphones

New Member
Posts: 1
Registered: ‎11-21-2012
My Device: Bold 9930
My Carrier: Verizon

Blackberry Bold 9930 Update Triggers Tipping Point IPS Alert at Module 944

[ Edited ]

One of our coworkers was updating his Blackberry Bold 9930 to Software version 7.1 Bundle 2123.  At module 944 into the update process our Tipping Point IPS fired the following alert indicating a module in the software download contained a malicious quicktime file.  The Tipping Poiint Alert information is listed below.  We checked this alert and it had not fired in the last 30 days so we don't believe its a soft rule.  Just wanted to make you aware that module 944 may contain a malicious payload.  Please let me know if this module is ok so I can flag this as a false positive.  Thanks very much for your help.



Event Information
Event No: 214686
Event Time: 11/20/12 3:44:02 PM EST
Hit Count: 1
Severity: Critical
<No Event Msg>
Type: Block

Segment & Device Information
Segment: CommRoomLink-6 (6A > 6B)
Device: dlt_ips_sensor
Segment Port In: 12

Network Information
Source Addr:
 Geo: United States
 Region: NY
 City: Brooklyn
 Named Rsrc: [Not Found]
Source Port: 80
Dest. Addr:
 Geo: [Not Found]
 Region: [Not Found]
 City: [Not Found]
 Named Rsrc: Private_Subnet_10.4.52.39
Dest. Port: 4777
VLAN: 199

Filter Information
Filter Name: 8302: HTTP: Malicious Quicktime File Download
Class: Vulnerability : Buffer/Heap Overflow
Category: Vulnerabilities
Protocol: http
CVE Id: 2009-1538
Profile: Boscovs Inscope Profile
Platform: Windows Client Application
Bugtraq Id: None
Description: This filter detects the download of a malicious Apple Quicktime file that can cause memory corruption in Microsoft DirectShow. Due to the way that Microsoft DirectShow parses Apple Quicktime files, certain structures can be specially formed to cause a memory corruption to occur. A malicious attacker can take advantage of this flaw to corrupt memory and gain arbitrary code execution in the context of the user opening the file. Note: This flaw does not affect Apple Quicktime Player or other Quicktime file parses. References: Microsoft Security Bulletin MS09-028 http://www.microsoft.com/technet/security/Bulletin/MS09-028.mspx Quicktime File Format Specification http://developer.apple.com/documentation/QuickTime/QTFF/QTFFChap2/qtff2.html