Nortel Response to Microsoft Security Bulletin MS07-057
| Description: |
Before taking any action, please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories.

On October 9, 2007, Microsoft released security update MS07-057 - Cumulative Security Update for Internet Explorer (939653). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerability addressed. This bulletin provides a multi-product consolidated response for the Nortel products which contain a Microsoft software component potentially affected by MS07-057.

MS07-057 addresses the following potential vulnerabilities. (Note that while 1 and 3 below sound the same in the high-level summary, they are indeed separate issues.)

1) Address Bar Spoofing Vulnerability - CVE-2007-3892
A spoofing vulnerability exists in Internet Explorer that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI have been navigated away from the attacker's Web site, but the content of the window still contains the attacker's Web page.

2) Error Handling Memory Corruption Vulnerability - CVE-2007-3893
A remote code execution vulnerability exists in Internet Explorer due to an unhandled error in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If a user viewed the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

3) Address Bar Spoofing Vulnerability - CVE-2007-1091 & CVE-2007-3826
Spoofing vulnerabilities exist in Internet Explorer that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI have been navigated away from the attacker's Web site, but the content of the window still contains the attacker's Web page.

Impact of Vulnerability: The vulnerability w |
| Type: |
Security Advisories |
| Number: |
2007008372, Rev 1 |
| Status: |
Retired |
| Date: |
2008-01-16 |