Security Advisory - December 13, 2011
Zscaler Protects Against Microsoft’s Latest Patch Cycle
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following thirteen web-based, client-side vulnerabilities included in the December 2011 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections as necessary.
MS11-089 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2590602)
Severity: Important
Affected Software
- Microsoft Office 2007
- Microsoft Office 2010
- Microsoft Office for Mac 2011
CVE-2011-1983 - Word Use After Free Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Word handles specially crafted Word files.
MS11-091 – Vulnerabilities in Microsoft Publisher Could Allow Elevation of Privilege (2607702)
Severity: Important
Affected Software
- Microsoft Publisher 2003
- Microsoft Publisher 2007
CVE-2011-3410 - Publisher Out-of-bounds Array Index Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files.
CVE-2011-3411 - Publisher Invalid Pointer
Description: A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files.
CVE-2011-3412 - Publisher Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files.
MS11-099 – Cumulative Security Update for Internet Explorer (2618444)
Severity: Important
Affected Software
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
CVE-2011-1992 - XSS Filter Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Internet Explorer. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.
CVE-2011-2019 - Internet Explorer Insecure Library Loading Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer handles the loading of DLL files.
MS11-090 – Cumulative Security Update for ActiveX Kill Bits (2618451)
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
CVE-2011-3397 - Microsoft Time Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the Microsoft Time component.
MS11-093 – Vulnerability in Microsoft Windows OLE32 Could Allow Remote Code Execution (2624667)
Severity: Important
Affected Software
- Windows XP
- Windows Server 2003
CVE-2011-3400 - OLE Property Vulnerability
Description: A vulnerability exists in OLE that could lead to remote code execution if a user opens a file that contains a specially crafted OLE object.
MS11-094 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
Severity: Important
Affected Software
- Microsoft Office 2007
- Microsoft Office 2010
- Microsoft Office 2008 for Mac
- Microsoft PowerPoint Viewer 2007
- Microsoft Office Compatibility Pack 2007 File Formats
CVE-2011-3396 - PowerPoint Insecure Library Loading Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles the loading of DLL files.
CVE-2011-3413 - OfficeArt Shape RCE Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles specially crafted PowerPoint files.
MS11-087 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2639417)
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
CVE-2011-3402 - TrueType Font Parsing Vulnerability
Description: A remote code execution vulnerability exists in the Windows kernel due to improper handling of a specially crafted TrueType font file.
MS11-096 – Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
Severity: Important
Affected Software
- Microsoft Office 2003
- Microsoft Office 2004 for Mac
CVE-2011-3403 - Record Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files.
MS11-092 – Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
Severity: Critical
Affected Software
- Windows XP
- Windows Vista
- Windows 7
CVE-2011-3401 - Windows Media Player DVR-MS Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Windows Media Player and Windows Media Center handle .dvr-ms files.