Nortel Response to Microsoft Security Bulletin MS08-023
| Description: |
On April 8, 2008, Microsoft released a security update MS08-023 - Security Update of ActiveX Kill Bits (948881). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS08-023 addresses the following potential vulnerabilities: 1) ActiveX Object Memory Corruption Vulnerability - CVE-2008-1086 A remote code execution vulnerability exists in the ActiveX control hxvz.dll. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic |
| Type: |
Security Advisories |
| Number: |
2008008772, Rev 1 |
| Status: |
Retired |
| Date: |
2008-07-21 |
