Nortel Response to Microsoft Security Bulletin MS09-037
| Description: |
On Tuesday, August 11th, Microsoft released security update MS09-037 - Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908). This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Some Nortel products contain this Microsoft software as a component and thus are potentially affected by the vulnerability. This bulletin contains a consolidated, multi-product response to the Microsoft update. Microsoft ratings for MS09-037: Maximum Severity Rating - Critical Impact of Vulnerability - Remote Code Execution Exploitability Index - 1 - Consistent exploit code likely. Microsoft bulletins replaced by this update: MS08-048, MS07-047, MS05-013. MS09-037 addresses the following CVEs: 1) Microsoft Video ActiveX Control Vulnerability - CVE-2008-0015 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015) A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to the function CComVariant::ReadFromStream used in the ATL header. This function does not properly restrict untrusted data read from a stream. This issue leads to reading data directly onto the stack instead of reading it into the area of memory allocated for an array, which could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. 2) ATL Header Memcopy Vulnerability - CVE-2008-0020 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0020) A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to an error in the Load method of the IPersistStreamInit interface |
| Type: |
Security Advisories |
| Number: |
2009009666, Rev 1 |
| Status: |
Active |
| Date: |
2009-08-14 |
