Nortel Enterprise Response to Microsoft Security Bulletin MS09-051
| Description: |
On Tuesday, Oct 13, Microsoft released MS09-051 - Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682). This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user.

Microsoft ratings for MS09-051:
Maximum Severity Rating - Critical
Impact of Vulnerability - Remote Code Execution
Exploitability Index - 1 - Consistent exploit code likely

MS09-051 addresses the following CVEs:

1) Windows Media Runtime Voice Sample Rate Vulnerability - CVE-2009-0555
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0555
A remote code execution vulnerability exists in Windows Media Player due to the improper processing of specially crafted Advanced Systems Format (ASF) files. An attacker could exploit the vulnerability by constructing a specially crafted audio file that could allow remote code execution when played using an affected version of Windows Media Player. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

2) Windows Media Runtime Heap Corruption Vulnerability - CVE-2009-2525
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2525
A remote code execution vulnerability exists in the way that Microsoft Windows Media Runtime handles certain functions in compressed audio files. This vulnerability could allow remote code execution if a user opened a specially crafted file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create ne |
| Type: |
Security Advisories |
| Number: |
2009009804, Rev 1 |
| Status: |
Active |
| Date: |
2009-10-16 |