Nortel Response to Microsoft Security Bulletin MS09-032
| Description: |
On Tuesday, July 14th, Microsoft released MS09-032 - Cumulative Security Update of ActiveX Kill Bits (973346). This security update resolves a privately reported vulnerability in Microsoft Video ActiveX Control. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer that uses the ActiveX control. Some Nortel products contain this Microsoft software as a component and thus are potentially affected by the vulnerability. This bulletin contains a consolidated, multi-product response to the Microsoft update. MS09-032 addresses the following CVE: 1) Microsoft Video ActiveX Control Vulnerability - CVE-2008-0015 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015 A remote code execution vulnerability exists in the Microsoft Video ActiveX Control, msvidctl.dll. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. Microsoft Ratings for MS09-032: Maximum Severity Rating - Critical Impact of Vulnerability - Remote Code Execution Exploitability Index - 1 - Consistent exploit code likely. Microsoft Bulletins replaced by this update: MS08-032. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic |
| Type: |
All Bulletin Types |
| Number: |
2009009619, Rev 1 |
| Status: |
Retired |
| Date: |
2010-01-22 |
|
|
Title |
Extension |
File Size |
Language |
|
