Nortel Response to Microsoft Security Bulletin MS08-033
| Description: |
On June 10, 2008, Microsoft released a security update MS08-033 - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS08-033 addresses the following potential vulnerabilities: 1) CVE-2008-0011 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0011) MJPEG Decoder Vulnerability - A remote code execution vulnerability exists in the way that the Windows MJPEG Codec handles MJPEG streams in AVI or ASF files. A user would have to preview or play a specially crafted MJPEG file for the vulnerability to be exploited. 2) CVE-2008-1444 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1444) SAMI Format Parsing Vulnerability - A remote code execution vulnerability exists in the way DirectX handles supported format files. This vulnerability could allow remote code execution if a user opened a specially crafted file. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic |
| Type: |
Security Advisories |
| Number: |
2008008897, Rev 1 |
| Status: |
Retired |
| Date: |
2008-10-17 |
