Nortel Response to Microsoft Security Bulletin MS08-053
| Description: |
On September 9th, 2008, Microsoft released a security update MS08-053 - Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. 1. Windows Media Encoder Buffer Overrun Vulnerability - CVE-2008-3008 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3008) A remote code execution vulnerability exists in the WMEX.DLL ActiveX control installed by Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user views a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic |
| Type: |
Security Advisories |
| Number: |
2008009061, Rev 1 |
| Status: |
Retired |
| Date: |
2009-03-08 |
