
Nortel Response to Sun Alert 248586 - Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris

Description: Sun Microsystems has recently released Sun Alert 248586 - Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris. According to Sun, the alert addresses multiple security vulnerabilities in the Flash Player plugin distributed with Solaris. When the affected plugin loads a malicious SWF file, these vulnerabilities may allow a remote unprivileged user to execute arbitrary code with the privileges of a local user on the system. In addition, the Flash Player plugin may allow a remote user to bypass the Security Sandbox Model, modify the clipboard with a URL, conduct cross-site scripting attacks, inject arbitrary web script or HTML, obtain sensitive data, conduct DNS rebinding, and hijack the camera or microphone while loading a malicious SWF file with the affected plugin. Some Nortel products contain this software as a component and are therefore potentially affected by the vulnerabilities addressed. This bulletin provides a consolidated multi-product response for the Nortel products that are potentially affected.
Sun Alert 248586 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248586-1

This bulletin addresses the following CVEs:
* CVE-2008-4818 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4818
* CVE-2008-4819 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4819
* CVE-2008-4820 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4820
* CVE-2008-4821 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4821
* CVE-2008-4822 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822
* CVE-2008-4823 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4823
* CVE-2008-4824 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4824
* CVE-2007-6243 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
* CVE-2008-3873 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3873
* CVE-2007-4324 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324
* CVE-200
Type: Security Advisories
Number: 2009009312, Rev 1
Status: Retired
Date: 2009-08-27


Bulletin Downloads
Title: Nortel Response to Sun Alert 248586 - Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris
Extension: pdf
File Size: 22943 bytes
Language: English
Checksum: d71cf584c08085b744990b7d533b9d50 [MD5]




Associated Products
Media Processing Server (MPS) 1000
Periphonics Common Channel Signaling Server (CCSS)
Periphonics PeriToolsWorkstation
Periphonics Speech Platform
Self-Service Portfolio
Speech and Self-Service