Security Advisory - February 14, 2012

Zscaler Protects Against Microsoft’s Latest Patch Cycle

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following sixteen web-based, client-side vulnerabilities included in the February 2012 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.

MS12-010 – Cumulative Security Update for Internet Explorer (2647516)

Severity: Critical
Affected Software

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9

CVE-2012-0011 - HTML Layout Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-0012 - Null Byte Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists in Internet Explorer. During certain processes, Internet Explorer incorrectly allows attackers to access and read content from the process memory.

CVE-2012-0155 - HTML Layout Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

MS12-013 – Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)

Severity: Critical
Affected Software

  • Windows Vista
  • Windows Server 2008
  • Windows 7

CVE-2012-0150 - Msvcrt.dll Buffer Overflow Vulnerability

Description: A remote code execution vulnerability exists in the way that the msvcrt DLL calculates the size of a buffer in memory, allowing data to be copied into memory that has not been properly allocated.

MS12-016 – Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)

Severity: Critical
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

CVE-2012-0014 - .NET Framework Unmanaged Objects Vulnerability

Description: A remote code execution vulnerability exists in Microsoft .NET Framework and Silverlight that can allow a specially crafted Microsoft .NET Framework application to access memory in an unsafe manner.

CVE-2012-0015 - .NET Framework Heap Corruption Vulnerability

Description: A remote code execution vulnerability exists in Microsoft .NET Framework due to it improperly calculating a buffer length while processing specially crafted input.

MS12-011 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)

Severity: Important
Affected Software

  • Microsoft SharePoint Server
  • Microsoft SharePoint Foundation

CVE-2012-0017 - XSS in inplview.aspx Vulnerability

CVE-2012-0144 - XSS in themeweb.aspx Vulnerability

CVE-2012-0145 - XSS in wizardlist.aspx Vulnerability

Description: A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements.

MS12-012 – Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)

Severity: Important
Affected Software

  • Windows Server 2008

CVE-2010-5082 - Color Control Panel Insecure Library Loading Vulnerability

Description: A remote code execution vulnerability exists in the way that the Color Control Panel handles the loading of DLL files.

MS12-014 – Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)

Severity: Important
Affected Software

  • Windows XP

CVE-2010-3138 - Indeo Codec Insecure Library Loading Vulnerability

Description: A remote code execution vulnerability exists in the way that the Indeo Codec handles the loading of DLL files.

MS12-015 – Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)

Severity: Important
Affected Software

  • Microsoft Visio Viewer 2010

CVE-2012-0019 - VSD File Format Memory Corruption Vulnerability

CVE-2012-0020 - VSD File Format Memory Corruption Vulnerability

CVE-2012-0136 - VSD File Format Memory Corruption Vulnerability

CVE-2012-0137 - VSD File Format Memory Corruption Vulnerability

CVE-2012-0138 - VSD File Format Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Visio Viewer validates attributes when handling specially crafted Visio files.