Nortel Response to Microsoft Security Bulletin MS08-008
| Description: |
Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories On February 12, 2008, Microsoft released a security update MS08-008 - Vulnerability in OLE Automation Could Allow Remote Code Execution (947890). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerability addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS08-008 addresses the following potential vulnerabilities: 1) OLE Heap Overrun Vulnerability - CVE-2007-0065 A remote code execution vulnerability exists in Object Linking and Embedding (OLE) Automation that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic |
| Type: |
All Bulletin Types |
| Number: |
2008008631, Rev 1 |
| Status: |
Retired |
| Date: |
2008-06-03 |
Content Unavailable
This content is no longer available on the Technical Support web site.
Associated Products
