| Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for twenty-two web based, client side vulnerabilities included in the June 2011 Microsoft patch cycle. Zscaler will continue to monitor exploits associated with this release and deploy additional protections as necessary. |
| MS11-037 – Vulnerability in MHTML Could Allow Information Disclosure (2544893) |
Severity: Important
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
|
| CVE-2011-1894 - MHTML Mime-Formatted Request Vulnerability |
| Description: An information disclosure vulnerability exists in the way that MHTML interprets MIME-formatted requests for content that are embedded in an HTML document. |
| MS11-038 – Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490) |
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
|
| CVE-2011-0658 - OLE Automation Underflow Vulnerability |
| Description: A remote code execution vulnerability exists in Object Linking and Embedding (OLE) Automation. |
| MS11-041 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694) |
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
Windows 7 |
| CVE-2011-1873 - Win32k OTF Validation Vulnerability |
| Description: A remote code execution vulnerability exists due to the way that the Windows kernel-mode driver improperly parses specially crafted OpenType fonts on x64-based and Itanium-based systems. |
| MS11-045 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146) |
Severity: Important
Affected Software
- Microsoft Office XP
- Microsoft Office 2003
- Microsoft Office 2007
- Microsoft Office 2010
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Microsoft Office for Mac 2011
|
CVE-2011-1272 - Excel Insufficient Record Validation
CVE-2011-1273 - Excel Improper Record Parsing Vulnerability
CVE-2011-1274 - Excel Out of Bounds Array Access Vulnerability
CVE-2011-1275 - Excel Memory Heap Overwrite Vulnerability
CVE-2011-1276 - Excel Buffer Overrun Vulnerability
CVE-2011-1277 - Excel Memory Corruption Vulnerability
CVE-2011-1278 - Excel WriteAV Vulnerability
CVE-2011-1279 - Excel Out of Bounds WriteAV Vulnerability |
| Description: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. |
| MS11-046 – Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665) |
Severity: Important
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
|
| CVE-2011-1249 - Ancillary Function Driver Elevation of Privilege Vulnerability |
| Description: An elevation of privilege vulnerability exists where the Ancillary Function Driver (afd.sys) improperly validates input passed from user mode to the kernel. |
| MS11-049 – Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) |
Severity: Important
Affected Software
- Microsoft InfoPath 2007
- Microsoft InfoPath 2010
- SQL Server 2005
- SQL Server 2005 Express Edition
- SQL Server Management Studio Express
- SQL Server 2008
- Microsoft Visual Studio 2005
- Microsoft Visual Studio 2008
- Microsoft Visual Studio 2010
|
| CVE-2011-1280 - XML External Entities Resolution Vulnerability |
| Description: An information disclosure vulnerability exists in the way that Microsoft XML Editor handles specially crafted XML files. |
| MS11-050 – Cumulative Security Update for Internet Explorer (2530548) |
Severity: Critical
Affected Software
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
|
| CVE-2011-1252 - toStaticHTML Information Disclosure Vulnerability |
| Description: An information disclosure vulnerability exists in the way that Internet Explorer handles content using specific strings when sanitizing HTML. |
CVE-2011-1250 - Link Properties Handling Memory Corruption Vulnerability
CVE-2011-1251 - DOM Manipulation Memory Corruption Vulnerability
CVE-2011-1254 - Drag and Drop Memory Corruption Vulnerability
CVE-2011-1255 - Time Element Memory Corruption Vulnerability
CVE-2011-1260 - Layout Memory Corruption Vulnerability
CVE-2011-1261 - Selection Object Memory Corruption Vulnerability |
| Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. |
| MS11-051 – Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295) |
Severity: Important
Affected Software
- Windows Server 2003
- Windows Server 2008
|
| CVE-2011-1264 - Active Directory Certificate Services Vulnerability |
| Description: A reflected XSS vulnerability exists in Active Directory Certificate Services Web Enrollment that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer. |
| MS11-052 – Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521) |
Severity: Critical
Affected Software
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
|
| CVE-2011-1266 - VML Memory Corruption Vulnerability |
| Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. |
About Zscaler
Zscaler’s Cloud security solution enforces business policy for web and email, mitigates risk, and provides twice the functionality at a fraction of the cost of traditional solutions. Through a multi-tenant, globally-deployed infrastructure with over 40 data centers, Zscaler enables organizations to create and enforce security policy for every user, on any device, over any network. For more information, visit us at www.zscaler.com. |
Press Contacts:
Paula Dunne
Office: +1-408-776-1400, Mobile: +1-408-893-8750
Paula.Dunne@zscaler.com |
| Zscaler®, and the Zscaler Logo are trademarks of Zscaler, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners. |
| Related Links: |
|
The Cloud Security Company™
