Please update to BES 5.0.4 MR2 as soon as this bug is fixed:
https://bugzilla.zimbra.com/show_bug.cgi?id=78414
(Summary: "Official support for BES 5.0.4")
There are also some workarounds mentioned. They look like doing a snapshot before is a good idea.
Please, have a look at those pages for more details:
BlackBerry Enterprise Server vulnerable to dangerous TIFFs - The H Security: News and Features
KB33425-BSRT-2013-003 Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution
Kind regards and happy patching,
Aiko