|
Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following three web based, client-side vulnerabilities included in the September 2010 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections as necessary.
|
| MS10-062 – Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558) |
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
|
| CVE-2010-0818 - MPEG-4 Codec Vulnerability |
| Description: A remote code execution vulnerability exists in the way that the MPEG-4 codec handles supported format files. This vulnerability could allow code execution when a user opens a specially crafted media file. |
| MS10-063 – Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113) |
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Microsoft Office XP
- Microsoft Office 2003
- Microsoft Office 2007
|
| CVE-2010-2738 - Uniscribe Font Parsing Engine Memory Corruption Vulnerability |
| Description: A remote code execution vulnerability exists in affected versions of Microsoft Windows and Microsoft Office. The vulnerability exists because Windows and Office incorrectly parses specific font types, which could lead to remote code execution. |
| MS10-067 – Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922) |
Severity: Important
Affected Software
- Windows XP
- Windows Server 2003
|
| CVE-2010-2563 - WordPad Word 97 Text Converter Memory Corruption Vulnerability |
| Description: A remote code execution vulnerability exists in the way that Microsoft WordPad processes memory when parsing a specially crafted Word 97 document. The vulnerability could allow remote code execution when a user opens a specially crafted Word file that includes a malformed structure. |
About Zscaler
Through a multi-tenant, globally-deployed infrastructure, Zscaler enforces business policy, mitigates risk, and provides twice the functionality at a fraction of the cost of current solutions. It enables organizations to provide the right access to the right users, from any place and on any device, while empowering the end-user with a rich Internet experience. For more information, visit us at www.zscaler.com. |
Press Contacts:
Paula Dunne
Office: +1-408-776-1400, Mobile: +1-408-893-8750
Paula.Dunne@zscaler.com |
| Zscaler®, and the Zscaler Logo are trademarks of Zscaler, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners. |
| Related Links: |
|
| |
The Cloud Security Company™
