Nortel: Technical Support: Nortel Response to Microsoft Security Bulletin MS08-058

You are currently browsing our site with javascriptdisabled. Some features may be unavailable. Learn more about viewing our site.

Welcome, Guest

Help Using This Site

Nortel Response to Microsoft Security Bulletin MS08-058

Description:	On October 14th, 2008, Microsoft released a security update MS08-058 - Cumulative Security Update for Internet Explorer (956390). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS08-058 addresses the following vulnerabilities: 1. CVE-2008-2947 - Window Location Property Cross-Domain Vulnerability (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2947) A remote code execution or information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access to a browser window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow remote code execution or information disclosure, depending on the operating system, if a user viewed the Web page. 2. CVE-2008-3472 - HTML Element Cross-Domain Vulnerability (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3472) A remote code execution or information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to a browser window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow remote code execution or information disclosure, depending on the operating system, if a user viewed the Web page. 3. CVE-2008-3473 - Event Handling Cross-Domain Vulnerability (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3473) A remote code execution or information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to a browser window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow remote code execution or information disclo
Type:	Security Advisories
Number:	2008009123, Rev 1
Status:	Retired
Date:	2009-05-29

Show Associated Products

Bulletin Downloads

		Title	Extension	File Size	Language
		Nortel Response to Microsoft Security Bulletin MS08-058 Checksum: d5d4a8e7074235cd1486bb5ed0beb268 [MD5]	[pdf]	23842 bytes	English

Associated Products

Application Server 5200

CDMA Network Manager

Communication Server 1000 Telephony Manager

Contact Center - Express

Contact Center - Multimedia

Contact Center Manager Administration

Contact Center Manager Server

Contact Center Portfolio

Integrated Access - Cable

Media Processing Server (MPS) 100

Media Processing Server (MPS) 1000

Media Processing Server (MPS) 500

Multimedia Communication Server 5100

Multiservice Data Manager (MDM)

Packet Transit - IP

Periphonics PeriToolsWorkstation

Periphonics Speech Platform

Self-Service Portfolio

Speech and Self-Service

Universal Access - IP

VoIP Infrastructure Solutions

WiMAX Network Management System 5000

Wireless Network Management System (W-NMS)