Nortel Response to Microsoft Security Bulletin MS09-029

Description: On Tuesday, July 14th, Microsoft released MS09-029 - Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371). This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Some Nortel products contain this Microsoft software as a component and thus are potentially affected by the vulnerabilities. This bulletin contains a consolidated, multi-product response to the Microsoft update.

MS09-029 addresses the following CVEs:

1) Embedded OpenType Font Heap Overflow Vulnerability - CVE-2009-0231
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0231

A remote code execution vulnerability exists in the way that Microsoft Windows Embedded OpenType (EOT) font technology parses data records in specially crafted embedded fonts. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

2) Embedded OpenType Font Integer Overflow Vulnerability - CVE-2009-0232
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0232

A remote code execution vulnerability exists in the way that Microsoft Windows Embedded OpenType (EOT) font technology parses name tables in specially crafted embedded fonts.
If a user is logged on with administrative user rights, an attacker who successfully exp
Type: All Bulletin Types
Number: 2009009618, Rev 1
Status: Retired
Date: 2010-01-22

