Nortel Response to Microsoft Security Bulletin MS08-028
| Description: |
On May 13, 2008, Microsoft released a security update MS08-028 - Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS08-028 addresses the following potential vulnerabilities: 1) Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability - CVE-2007-6026 A buffer overrun vulnerability exists in the Microsoft Jet Database Engine (Jet) that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by creating a specially crafted database query and sending it through an application that is using Jet on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic |
| Type: |
Security Advisories |
| Number: |
2008008858, Rev 1 |
| Status: |
Retired |
| Date: |
2008-10-17 |
