Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 12 vulnerabilities included in the March 2013 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections as necessary.
MS13-024 – Vulnerabilities in SharePoint Could Allow Elevation of Privilege
CVE-2013-0080 Callback Function Vulnerability
CVE-2013-0083 SharePoint XSS Vulnerability
CVE-2013-0084 SharePoint Directory Traversal Vulnerability
Description: An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could, after obtaining sensitive system data, elevate their access to the server.
MS13-023 – Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution
CVE-2013-0079 Visio Viewer Tree Object Type Confusion Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Visio Viewer handles memory when rendering specially crafted Visio files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
MS13-021 – Cumulative Security Update for Internet Explorer
CVE-2013-0087 Internet Explorer OnResize Use After Free Vulnerability
CVE-2013-0088 Internet Explorer saveHistory Use After Free Vulnerability
CVE-2013-0089 Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability
CVE-2013-0090 Internet Explorer CCaret Use After Free Vulnerability
CVE-2013-0091 Internet Explorer CElement Use After Free Vulnerability
CVE-2013-0092 Internet Explorer GetMarkupPtr Use After Free Vulnerability
CVE-2013-0093 Internet Explorer onBeforeCopy Use After Free Vulnerability
Description: The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.
MS13-025 – Vulnerability in Microsoft OneNote Could Allow Information Disclosure
CVE-2013-0086 Buffer Size Validation Vulnerability
Description: An information disclosure vulnerability exists in the way that Microsoft OneNote allocates memory when parsing a specially crafted OneNote (.ONE) file.