Security Advisory – January 28, 2011
Zscaler Provides Protection for 0day Vulnerability in Microsoft Internet Explorer MHTML Protocol Handler
Microsoft today informed Zscaler Labs, via the MAPPs program, of an unpatched 0day vulnerability in Internet Explorer that allows an attacker to inject client-side script into a web server response. The vulnerability exists within the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler for all current versions of Internet Explorer. Successful exploitation would be similar to that of a cross-site scripting (XSS) attack and could result in an attacker spoofing content, hijacking session credentials, disclosing information, etc. Publicly available exploit code exists for this attack, but targeted attacks have not yet been seen in the wild.
While Microsoft has issued a security advisory for this vulnerability and recommended workarounds, a patch is not presently available, and it is not known when one will be issued. In the meantime, Zscaler has deployed protections for this vulnerability, ensuring that Zscaler customers are shielded from attack without the need to take further action. We will continue to monitor the issue and provide additional protections as warranted. A preliminary analysis of Zscaler logs has not revealed any attacks on Zscaler customers to this point.
Affected Software
  • Windows 7
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
About Zscaler
Through a multi-tenant, globally-deployed infrastructure, Zscaler enforces business policy, mitigates risk, and provides twice the functionality at a fraction of the cost of current solutions. It enables organizations to provide the right access to the right users, from any place and on any device, while empowering the end-user with a rich Internet experience. For more information, visit us at www.zscaler.com.
Press Contacts:
Paula Dunne
Office: +1-408-776-1400, Mobile: +1-408-893-8750
Paula.Dunne@zscaler.com
Zscaler®, and the Zscaler Logo are trademarks of Zscaler, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.