Nortel: Technical Support: Nortel Enterprise Response to Microsoft Security Bulletin MS09-054

You are currently browsing our site with javascriptdisabled. Some features may be unavailable. Learn more about viewing our site.

Welcome, Guest

Help Using This Site

Nortel Enterprise Response to Microsoft Security Bulletin MS09-054

Description:	On Tuesday, Oct 13, Microsoft has released MS09-054 - Cumulative Security Update for Internet Explorer (974455). This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Microsoft ratings for MS09-054: Maximum Severity Rating - Critical Impact of Vulnerability - Remote Code Execution Exploitability Index - 1 - Consistent exploit code likely. Bulletins replaced by this update: MS09-034. MS09-054 addresses the following CVEs: 1) Data Stream Header Corruption Vulnerability - CVE-2009-1547 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1547 A remote code execution vulnerability exists in the way that Internet Explorer processes data stream headers in specific situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user 2) HTML Component Handling Vulnerability - CVE-2009-2529 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2529 A remote code execution vulnerability exists in the way that Internet Explorer handles argument validation of a variable in specific situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. 3) Uninitialized Memory Corruption Vulnerability - CVE-2009-2530 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2530 A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized
Type:	Security Advisories
Number:	2009009809, Rev 1
Status:	Active
Date:	2009-10-16

Show Associated Products

Bulletin Downloads

		Title	Extension	File Size	Language
		Nortel Enterprise Response to Microsoft Security Bulletin MS09-054 Checksum: 8eccb5bed7c44e27f5cb3dfc08b21683 [MD5]	[pdf]	22271 bytes	English

Associated Products

Bulletin temp product

Contact Center - Express

Contact Center - Multimedia

Contact Center Manager Administration

Contact Center Manager Server

Contact Center Portfolio

Media Processing Server (MPS) 100

Media Processing Server (MPS) 1000

Media Processing Server (MPS) 500

Periphonics PeriToolsWorkstation

Periphonics Speech Platform

Self-Service Portfolio

Speech and Self-Service