Security Advisory - November 13, 2012

Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following web based, client-side vulnerability included in the November 2012 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections as necessary. .

MS12-071 – Cumulative Security Update for Internet Explorer (2761451)

Severity: Critical
Affected Software

• Internet Explorer 9

CVE-2012-1538 - CFormElement Use After Free Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

CVE-2012-1539 - CTreePos Use After Free Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

CVE-2012-4775 - CTreeNode Use After Free Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

MS12-072 – Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)

Severity: Critical
Affected Software

• Windows XP
• Windows server 2003
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows 8
• Windows Server 2012

CVE-2012-1527 - Windows Briefcase Integer Underflow Vulnerability

Description: A remote code execution vulnerability exists in the Briefcase feature in Windows. An attacker could exploit the vulnerability by convincing a user to open a specially crafted briefcase.

CVE-2012-1528 - Windows Briefcase Integer Overflow Vulnerability

Description: A remote code execution vulnerability exists in the Briefcase feature in Windows. An attacker could exploit the vulnerability by convincing a user to open a specially crafted briefcase.

MS12-074 – Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)

Severity: Critical
Affected Software

• Microsoft .NET Framework

CVE-2012-2519 - .NET Framework Insecure Library Loading Vulnerability

Description: A remote code execution vulnerability exists in the way that the Microsoft .NET Framework handles the loading of DLL files.

CVE-2012-4776 - Web Proxy Auto-Discovery Vulnerability

Description: A remote code execution vulnerability exists in the way that the Microsoft .NET Framework retrieves the default web proxy settings.

MS12-075 – Vulnerabilities in Windows Kernel-­‐Mode Drivers Could Allow Remote Code Execution (2761226)

Severity: Critical
Affected Software

• Windows XP
• Windows Server 2003
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows 8
• Windows Server 2012

CVE-2012-2897 - TrueType Font Parsing Vulnerability

Description: A remote code execution vulnerability exists in the way that affected components handle a specially crafted TrueType font file.

MS12-076 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)

Severity: Important
Affected Software

• Microsoft Office 2003
• Microsoft Office 2007
• Microsoft Office 2010
• Microsoft Office 2008 for Mac
• Microsoft Office 2011 for Mac

CVE-2012-1885 - Excel SerAuxErrBar Heap Overflow Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files.

CVE-2012-1886 - Excel Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files.

CVE-2012-1887 - Excel SST Invalid Length Use After Free Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files.

CVE-2012-2543 - Excel Stack Overflow Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files.