Nortel: Technical Support: Nortel Response to Adobe Vulnerability Identifier APSB08-19

You are currently browsing our site with javascriptdisabled. Some features may be unavailable. Learn more about viewing our site.

Welcome, Guest

Help Using This Site

Nortel Response to Adobe Vulnerability Identifier APSB08-19

Description:	Adobe has recently released a Security Update for Adobe Reader 8 and Acrobat 8. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. The Adobe Summary states that critical vulnerabilities have been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. In addition, Adobe Reader 9 and Acrobat 9 are not vulnerable to these issues. Adobe recommends users of Acrobat 8 and Adobe Reader 8 who can't update to Adobe Reader 9 install the 8.1.3 update to protect themselves from potential vulnerabilities This bulletin addresses the following CVEs: 1. CVE-2008-2549 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549) Adobe Acrobat Reader 8.1.2 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf. 2. CVE-2008-2992 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992) Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. 3. CVE-2008-4812 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812) Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. 4. CVE-2008-4813 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813) Adobe Reader and Acrobat 8.1.2 and earlier allow re
Type:	Security Advisories
Number:	2008009218, Rev 1
Status:	Retired
Date:	2009-06-24

Show Associated Products

Bulletin Downloads

		Title	Extension	File Size	Language
		Nortel Response to Adobe Vulnerability Identifier APSB08-19 Checksum: 62bdb3f2b93e46f47ce68cf5d1880cd5 [MD5]	[pdf]	26374 bytes	English

Associated Products

Business Communications Manager 200

Business Communications Manager 400

Business Communications Manager 1000

CDMA SuperNode Data Manager

Circuit Switching

Communication Server 2000

Communication Server 2000 Core Manager

Communication Server 2000 Session Server Trunks

Communication Server 2000-Compact

Communication Server 2100

DMS-100/200 Local Switching Systems

DMS-Global Services Platform

DMS-STP/SSP IntegratedNode (INode)

Extended Peripheral Module (XPM)

GSM-UMTS Home Location Register

GSM-UMTS Mobile Switching Center Server

GSM-UMTS SuperNode Data Manager

Integrated Access - Cable

Integrated Element Management System (IEMS)

Media Processing Server (MPS) 1000

Media Processing Server (MPS) 500

Meridian SL-100

Optivity Telephony Manager for SL-100

Packet Transit - AAL2

Packet Transit - IP

Packet Trunking - AAL1

Periphonics Speech Platform

Self-Service Portfolio

Spectrum Peripheral Module (SPM)

Speech and Self-Service

SuperNode Data Manager

Survivable Remote Gateway 200/400

Universal Access - AAL1

Universal Access - IP

VoIP Infrastructure Solutions

Wireless Network Management System (W-NMS)