Support Headlines

On Wednesday Dec 17, Microsoft released an out-of-band security update. MS08-078 - Security Update for Internet Explorer (960714). This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Some Nortel products contain this software as a component. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS08-078 addresses the following 4 vulnerabilities: 1. CVE-2008-4844 - Pointer Reference Memory Corruption Vulnerability - (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4844) A remote code execution vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Please refer to the Microsoft link in the Source section for additional information about workarounds and mitigating factors for the vulnerability addressed by this update. Microsoft Ratings: Maximum Severity Rating - Critical Impact of Vulnerability - Remote Code Execution Exploitability Index - 1 - Consistent exploit code likely (Public at bulletin release) Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=814044 MS08-078 Specific Information