Zscaler Provides Immediate Vulnerability Protection in the Face of Microsoft’s Largest Ever Patch Cycle

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 16 web-based, client-side vulnerabilities included in the October 2010 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections as necessary.

MS10-071 – Cumulative Security Update for Internet Explorer (2360131)
Severity: Critical
Affected Software
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8

CVE-2010-3243 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that the toStaticHTML API sanitizes HTML that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.
CVE-2010-3324 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that the toStaticHTML API sanitizes HTML that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.
CVE-2010-3325 CSS Special Character Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that Internet Explorer processes CSS special characters.
CVE-2010-3326 Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.
CVE-2010-3328 Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.
CVE-2010-3329 Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted when a document in an HTML format is opened in Microsoft Word.
CVE-2010-3330 Cross-Domain Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to information in another domain or Internet Explorer zone.
CVE-2010-3331 Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

MS10-072 – Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
Severity: Critical
Affected Software
- Microsoft SharePoint Server

CVE-2010-3243 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that the toStaticHTML API sanitizes HTML that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.
CVE-2010-3324 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that the toStaticHTML API sanitizes HTML that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

MS10-076 – Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7

CVE-2010-1883 Embedded OpenType Font Integer Overflow Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Windows Embedded OpenType (EOT) font technology parses certain tables in specially crafted embedded fonts.

MS10-078 – Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
Severity: Important
Affected Software
- Windows XP
- Windows Server 2003

CVE-2010-2740 OpenType Font Parsing Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows OpenType Font (OTF) format driver improperly parses specially crafted OpenType fonts.
CVE-2010-2741 OpenType Font Validation Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows OpenType Font (OTF) format driver improperly validates specially crafted OpenType fonts.

MS10-079 – Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
Severity: Important
Affected Software
- Microsoft Office XP
- Microsoft Office 2003
- Microsoft Office 2007
- Microsoft Office 2010
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac

CVE-2010-3214 Word Stack Overflow Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Word handles stack validation when parsing a specially crafted Word file.

MS10-080 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
Severity: Important
Affected Software
- Microsoft Office XP
- Microsoft Office 2003
- Microsoft Office 2007
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac

CVE-2010-3230 Excel Record Parsing Integer Overflow Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files.

MS10-082 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
Severity: Important
Affected Software
- Windows XP
- Windows Server 2003
- Windows Server 2008
- Windows Vista
- Windows 7

CVE-2010-2745 Windows Media Player Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Windows Media Player deallocates objects during a reload operation via a Web browser.

About Zscaler
Through a multi-tenant, globally-deployed infrastructure, Zscaler enforces business policy, mitigates risk, and provides twice the functionality at a fraction of the cost of current solutions. It enables organizations to provide the right access to the right users, from any place and on any device, while empowering the end-user with a rich Internet experience. For more information, visit us at www.zscaler.com.

Press Contacts:
Paula Dunne
Office: +1-408-776-1400, Mobile: +1-408-893-8750
Paula.Dunne@zscaler.com

Zscaler®, and the Zscaler Logo are trademarks of Zscaler, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.