Nortel: Technical Support: Nortel Response to Microsoft Security Bulletin MS09-019

You are currently browsing our site with javascriptdisabled. Some features may be unavailable. Learn more about viewing our site.

Welcome, Guest

Help Using This Site

Nortel Response to Microsoft Security Bulletin MS09-019

Description:	On Tuesday, June 9th, Microsoft released MS09-019 - Cumulative Security Update for Internet Explorer (969897). This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles scripts and cached content and initializes memory. Some Nortel products contain this Microsoft software as a component and thus are potentially affected by the vulnerabilities. This bulletin contains a consolidated, multi-product response to the Microsoft update. MS09-019 addresses the following CVEs: 1) Race Condition Cross-Domain Information Disclosure Vulnerability - CVE-2007-3091 An information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to the content in another browser window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view data from a Web page in another Internet Explorer domain. 2) Cross-Domain Information Disclosure Vulnerability - CVE-2009-1140 An information disclosure vulnerability exists in the way that Internet Explorer caches data and incorrectly allows the cached content to be called, potentially bypassing Internet Explorer domain restriction. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view content from the local computer or another browser window in another domain or Internet Explorer zone. 3) DHTML Object Memory
Type:	Security Advisories
Number:	2009009559, Rev 1
Status:	Retired
Date:	2009-08-18

Show Associated Products

Bulletin Downloads

		Title	Extension	File Size	Language
		Nortel Response to Microsoft Security Bulletin MS09-019 Checksum: 3bdc21a688dd8e1a341cde953ad8ee37 [MD5]	[pdf]	23522 bytes	English

Associated Products

Application Server 5200

Bulletin temp product

Communication Server 1000 Telephony Manager

Contact Center - Express

Contact Center - Multimedia

Contact Center Manager Administration

Contact Center Manager Server

Contact Center Portfolio

Integrated Access - Cable

Media Processing Server (MPS) 100

Media Processing Server (MPS) 1000

Media Processing Server (MPS) 500

Multimedia Communication Server 5100

Multiservice Data Manager (MDM)

Packet Transit - IP

Periphonics PeriToolsWorkstation

Periphonics Speech Platform

Self-Service Portfolio

Speech and Self-Service

Universal Access - IP

VoIP Infrastructure Solutions

WiMAX Network Management System 5000