Nortel: Technical Support: Nortel Response to Microsoft Security Bulletin MS08-010

You are currently browsing our site with javascriptdisabled. Some features may be unavailable. Learn more about viewing our site.

Welcome, Guest

Help Using This Site

Nortel Response to Microsoft Security Bulletin MS08-010

Description:	Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories On February 12, 2008, Microsoft released a security update MS08-010 - Cumulative Security Update for Internet Explorer (944533). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS08-010 addresses the following 4 potential vulnerabilities: 1) HTML Rendering Memory Corruption Vulnerability - CVE-2008-0076 A remote code execution vulnerability exists in the way Internet Explorer interprets HTML with certain layout combinations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. 2) Property Memory Corruption Vulnerability - CVE-2008-0077 A remote code execution vulnerability exists in the way Internet Explorer handles a property method. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. 3) Argument Handling Memory Corruption Vulnerability - CVE-2008-0078 A remote code execution vulnerability exists in the way Internet Explorer handles argument validation in image processing. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as
Type:	All Bulletin Types
Number:	2008008629, Rev 1
Status:	Retired
Date:	2008-06-03

Show Associated Products

Content Unavailable

This content is no longer available on the Technical Support web site.

Associated Products