Nortel Response to Microsoft Security Bulletin MS08-022
| Description: |
On April 8, 2008, Microsoft released a security update MS08-022 - Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS08-022 addresses the following potential vulnerabilities: 1) VBScript/JScript Remote Code Execution Vulnerability - CVE-2008-0083 A remote code execution vulnerability exists in the way that the VBScript and JScript scripting engines decode script in Web pages. This vulnerability could allow remote code execution if a user opened a specially crafted file or visited a Web site that is running specially crafted script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic |
| Type: |
Security Advisories |
| Number: |
2008008771, Rev 1 |
| Status: |
Retired |
| Date: |
2008-07-21 |
