Nortel Response to Sun Alert 249366 - Solaris 10 - Multiple Security Vulnerabilities in the Adobe Reader

Description: Sun Microsystems has recently released Sun Alert 249366 - Solaris 10 - Multiple Security Vulnerabilities in the Adobe Reader. This provides a Solaris 10 patch for the following issue: multiple security vulnerabilities in the Adobe Reader may allow remote unprivileged users to execute arbitrary code with the permissions of the local user or create a Denial of Service (DoS) condition. In addition, Adobe Reader, when used as a browser plugin, may give remote users the ability to execute arbitrary code within the browser with the permissions of the local user.

Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected.

Sun Alert 249366 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249366-1

This bulletin addresses the following CVEs (CVSS severity in parentheses):

CVE-2008-2992 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992 (9.3)
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

CVE-2008-2549 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549 (4.3)
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.

CVE-2008-4812 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812 (9.3)
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.

Type: Security Advisories
Number: 2009009504, Rev 1
Status: Retired
Date: 2009-11-23


Bulletin Downloads
Title: Nortel Response to Sun Alert 249366 - Solaris 10 - Multiple Security Vulnerabilities in the Adobe Reader
Extension: pdf
File Size: 24051 bytes
Language: English
Checksum: 9bafaf0a4a238258a2a80b3fa0459c63 [MD5]




Associated Products
Media Processing Server (MPS) 1000
Periphonics Common Channel Signaling Server (CCSS)
Periphonics PeriToolsWorkstation
Periphonics Speech Platform
Self-Service Portfolio
Speech and Self-Service