Nortel Response to Microsoft Security Bulletin MS06-041
| Description: |
Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories =========== == Source == =========== On August 08, 2006 - Microsoft issued Security Bulletin MS06-041 addressing "Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)". Some Nortel products are potentially affected by this issue. ============= == Overview == ============= Microsoft Bulletin MS06-041 is available at: http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Description: MS06-041 addresses 2 potential vulnerabilities - 1. Winsock Hostname Vulnerability - CVE-2006-3440: There is a remote code execution vulnerability in Winsock that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. For an attack to be successful the attacker would have to force the user to open a file or visit a website that is specially crafted to call the affected Winsock API. 2. DNS Client Buffer Overrun Vulnerability - CVE-2006-3441: There is a remote code execution vulnerability in the DNS Client service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. Security Update Replacement: None. |
| Type: |
Security Advisories |
| Number: |
2006007222, Rev 1 |
| Status: |
Retired |
| Date: |
2007-10-24 |
