Blackberry Link
CVE-2015-4111
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file.
AnalysisAI
mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file. Affected products include: Blackberry Blackberry Link. Version information: before 1.2.3.53.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Blackberry Link
View allBlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for rem
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user ac
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today