Nortel response to Adobe Advisory APSB08-13 - Multiple Arbitrary Code Execution and Security Vulnerabilities
Description:

Adobe has recently issued Advisory APSB08-13 - Security Updates available for Adobe Reader and Acrobat 7 and 8. This advisory provides fixes for critical vulnerabilities that have been identified in Adobe Reader and Acrobat 8.1.1 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected.

This bulletin addresses the following potential vulnerabilities:

1. CVE-2007-5659 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5659)
   Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.

2. CVE-2007-5663 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5663)
   Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.

3. CVE-2007-5666 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5666)
   Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.

4. CVE-2008-2042 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2042)
   The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to (1) execute arbitrary commands or (2) trigger a buffer overflow via a crafted PDF file that inv

Type: Security Advisories
Number: 2008008888, Rev 1
Status: Retired
Date: 2008-12-01