Zscaler, working with Microsoft through the MAPP program, has proactively deployed protections for nine web-based, client-side vulnerabilities included in the February 2011 Microsoft patch cycle. Zscaler will continue to monitor exploits associated with this release and deploy additional protections as necessary.

MS11-003 – Cumulative Security Update for Internet Explorer (2482017)
Severity: Critical
Affected Software
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8

CVE-2010-3971 - CSS Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses memory while importing a Cascading Style Sheet that refers to itself recursively.
CVE-2011-0035 - Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.
CVE-2011-0036 - Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.
CVE-2011-0038 - Internet Explorer Insecure Library Loading Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer handles the loading of DLL files.

MS11-006 – Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
Severity: Critical
Affected Software
- Windows XP
- Windows 2003 Server
- Windows Vista
- Windows Server 2008

CVE-2010-3970 - Windows Shell Graphics Processing Overrun Vulnerability
Description: A remote code execution vulnerability exists in the way that the Windows Shell graphics processor handles specially crafted thumbnail images.

MS11-007 – Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
Severity: Critical
Affected Software
- Windows XP
- Windows 2003 Server
- Windows Vista
- Windows Server 2008

CVE-2011-0033 - OpenType Font Encoded Character Vulnerability
Description: A remote code execution vulnerability exists in the way that the OpenType Compact Font Format (CFF) driver improperly parses specially crafted OpenType fonts.

MS11-008 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
Severity: Important
Affected Software
- Visio 2002
- Visio 2003
- Visio 2007

CVE-2011-0092 - Visio Object Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Visio validates objects in memory when parsing specially crafted Visio files.
CVE-2011-0093 - Visio Data Type Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Visio parses certain structures when handling specially crafted Visio files.

MS11-009 – Vulnerabilities in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)
Severity: Important
Affected Software
- Windows 7
- Windows Server 2008

CVE-2011-0031 - Scripting Engines Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the JScript and VBScript scripting engines due to a memory corruption error.

About Zscaler
Zscaler’s Cloud security solution enforces business policy for web and email, mitigates risk, and provides twice the functionality at a fraction of the cost of traditional solutions. Through a multi-tenant, globally-deployed infrastructure with over 40 data centers, Zscaler enables organizations to create and enforce security policy for every user, on any device, over any network. For more information, visit us at www.zscaler.com.

Press Contacts:
Paula Dunne
Office: +1-408-776-1400, Mobile: +1-408-893-8750
Paula.Dunne@zscaler.com

Zscaler® and the Zscaler Logo are trademarks of Zscaler, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.