
Zscaler Security Advisories

Security Advisory - December 13, 2011

Zscaler Protects Against Microsoft’s Latest Patch Cycle

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following thirteen web-based, client-side vulnerabilities included in the December 2011 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections as necessary.

MS11-089 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2590602)

Severity: Important
Affected Software

  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office for Mac 2011

CVE-2011-1983 - Word Use After Free Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Word handles specially crafted Word files.

MS11-091 – Vulnerabilities in Microsoft Publisher Could Allow Elevation of Privilege (2607702)

Severity: Important
Affected Software

  • Microsoft Publisher 2003
  • Microsoft Publisher 2007

CVE-2011-3410 - Publisher Out-of-bounds Array Index Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files.

CVE-2011-3411 - Publisher Invalid Pointer

Description: A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files.

CVE-2011-3412 - Publisher Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files.

MS11-099 – Cumulative Security Update for Internet Explorer (2618444)

Severity: Important
Affected Software

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9

CVE-2011-1992 - XSS Filter Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists in Internet Explorer. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.

CVE-2011-2019 - Internet Explorer Insecure Library Loading Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer handles the loading of DLL files.

MS11-090 – Cumulative Security Update for ActiveX Kill Bits (2618451)

Severity: Critical
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008

CVE-2011-3397 - Microsoft Time Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the Microsoft Time component.

MS11-093 – Vulnerability in Microsoft Windows OLE32 Could Allow Remote Code Execution (2624667)

Severity: Important
Affected Software

  • Windows XP
  • Windows Server 2003

CVE-2011-3400 - OLE Property Vulnerability

Description: A vulnerability exists in OLE that could lead to remote code execution if a user opens a file that contains a specially crafted OLE object.

MS11-094 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)

Severity: Important
Affected Software

  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office 2008 for Mac
  • Microsoft PowerPoint Viewer 2007
  • Microsoft Office Compatibility Pack 2007 File Formats

CVE-2011-3396 - PowerPoint Insecure Library Loading Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles the loading of DLL files.

CVE-2011-3413 - OfficeArt Shape RCE Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles specially crafted PowerPoint files.

MS11-087 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2639417)

Severity: Critical
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

CVE-2011-3402 - TrueType Font Parsing Vulnerability

Description: A remote code execution vulnerability exists in the Windows kernel due to improper handling of a specially crafted TrueType font file.

MS11-096 – Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)

Severity: Important
Affected Software

  • Microsoft Office 2003
  • Microsoft Office 2004 for Mac

CVE-2011-3403 - Record Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files.

MS11-092 – Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)

Severity: Critical
Affected Software

  • Windows XP
  • Windows Vista
  • Windows 7

CVE-2011-3401 - Windows Media Player DVR-MS Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Windows Media Player and Windows Media Center handle .dvr-ms files.