Global leaders are coming to Zenith Live. Are you? Learn More
Global leaders are coming to Zenith Live. Are you?
Learn More

 

Security Advisory - June 12, 2012

Zscaler Protects Against Latest Microsoft’s Patch Cycle

 

 

Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following seventeen web based, client-side vulnerabilities included in the June 2012 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections as necessary.

MS12-037 – Cumulative Security Update for Internet Explorer (2699988)

Severity: Critical
Affected Software

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9

CVE-2012-1523 - Center Element Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1858 - HTML Sanitization Vulnerability

Description: An information disclosure vulnerability exists in the way that Internet Explorer handles content using specific strings when sanitizing HTML.

CVE-2012-1873 - Null Byte Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access and read Internet Explorer's process memory.

CVE-2012-1874 - Developer Toolbar Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1875 - Same ID Property Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1876 - Col Element Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that does not exist.

CVE-2012-1877 - Title Element Change Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1878 - On Before Deactivate Event Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1879 - insert Adjacent Text Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an undefined memory location.

CVE-2012-1880 - insert Row Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1881 - On Rows Inserted Event Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

MS12-038 – Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)

Severity: Critical
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

CVE-2012-1855 - .NET Framework Memory Access Vulnerability

Description: A remote code execution vulnerability exists in the Microsoft .NET Framework due to the improper execution of a function pointer.

MS12-039 – Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)

Severity: Important
Affected Software

  • Microsoft Communicator 2007
  • Microsoft Lync 2010

CVE-2011-3402 - TrueType Font Parsing Vulnerability

Description: A remote code execution vulnerability exists in the way that affected components handle shared content that contains specially crafted TrueType fonts.

CVE-2012-0159 - TrueType Font Parsing Vulnerability

Description: A remote code execution vulnerability exists in the way that affected components handle shared content that contains specially crafted TrueType fonts.

CVE-2012-1858 - HTML Sanitization Vulnerability

Description: An information disclosure vulnerability exists in the way that HTML is filtered that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the current user.

MS12-040 – Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)

Severity: Important
Affected Software

  • Microsoft Dynamics AX 2012

CVE-2012-1857 - Dynamics AX Enterprise Portal XSS Vulnerability

Description: A cross-site scripting vulnerability exists in Microsoft Dynamics AX Enterprise Portal that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL that contains malicious JavaScript elements.

Microsoft Security Advisory (2719615)

Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Microsoft Office 2003
  • Microsoft Office 2007

CVE-2012-1889 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

Description: A vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.