The Motorola Good Technology Group has released a security bulletin. This security bulletin addresses a potential vulnerability with one of the third party libraries used by Good Mobile Messaging for converting attachments to text when choosing the "View as Text" option from the Good Messaging client. While Good Messaging does not use the full suite of capabilities that these third party libraries provide and it is possible we do not suffer from this vulnerability, your organization may still be at risk. The potential vulnerability could allow an attacker to send an electronic mail message with an attachment to a Good Messaging user. When the user chooses to "View" the attachment, this vulnerability could be exploited resulting in the attacker gains "Good Admin" user privileges.
As recomended in the security bulliten, our system administrators have removed GdFileConv.exe from the Good Mobile Messaging server.
When user chooses to 'View' as text on the Good Client, the following error will be displayed - "Cannot Download the attachment. Format conversion failed on the server".
Users can choose "View High Quality" which uses native viewers such as Pocket Word, Pocket Excel or Docs2Go on Palm OS devices instead of "View as Text" option.
The direct link to the Good article for this vulnerability is: http://www.good.com/faq/18431.html