Nortel Enterprise Response to Microsoft Security Bulletin MS09-061

Description: On Tuesday, Oct 13, Microsoft released MS09-061 - Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution. This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight.

The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.

Microsoft ratings for MS09-061:
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Exploitability Index: 1 - Consistent exploit code likely

Bulletins replaced by this update: MS07-040

MS09-061 addresses the following CVEs:

1) CVE-2009-0090
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0090
A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to obtain a managed pointer to stack memory that is no longer used. The malicious Microsoft .NET application could then use this pointer to modify legitimate values placed at that stack location later, leading to arbitrary unmanaged code execution.
Microsoft .NET applications that are not malicious are not at ri
Type: Security Advisories
Number: 2009009807, Rev 1
Status: Active
Date: 2009-10-16


Bulletin Downloads
Title: Nortel Enterprise Response to Microsoft Security Bulletin MS09-061
Extension: pdf
File Size: 23445 bytes
Language: English
Checksum: d1de52d6387751765aa99a253d4e8313 [MD5]

Associated Products
CallPilot
Contact Center - Express
Contact Center - Multimedia
Contact Center Manager Administration
Contact Center Manager Server
Contact Center Portfolio
Enterprise Network Management System
Media Processing Server (MPS) 100
Media Processing Server (MPS) 1000
Media Processing Server (MPS) 500
Periphonics Common Channel Signaling Server (CCSS)
Periphonics PeriToolsWorkstation
Periphonics Speech Platform
Self-Service Portfolio
Speech and Self-Service
Symposium Agent
Symposium TAPI Service Provider