Security Advisory - May 08, 2012
Zscaler Protects Against Microsoft’s Latest Patch Cycle
Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following web-based, client-side vulnerabilities included in the May 2012 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections as necessary.
MS12-029 – Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
Severity: Critical
Affected Software
- Microsoft Word 2003
- Microsoft Word 2007
- Microsoft Office 2008 for Mac
- Microsoft Office for Mac 2011
CVE-2012-0183 - RTF Mismatch Vulnerability
Description: A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted Rich Text Format (RTF) data.
MS12-030 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)
Severity: Important
Affected Software
- Microsoft Office 2003
- Microsoft Office 2007
- Microsoft Office 2010
- Microsoft Office 2008 for Mac
- Microsoft Office for Mac 2011
CVE-2012-0141 - Excel File Format Memory Corruption Vulnerability
CVE-2012-0142 - Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability
CVE-2012-0143 - Excel Memory Corruption Using Various Modified Bytes Vulnerability
CVE-2012-0184 - Excel SXLI Record Memory Corruption Vulnerability
CVE-2012-0185 - Excel MergeCells Record Heap Overflow Vulnerability
CVE-2012-1847 - Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files.
MS12-031 – Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)
Severity: Critical
Affected Software
- Microsoft Visio Viewer 2010
CVE-2012-0018 - VSD File Format Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Visio validates attributes when handling specially crafted Visio files.
MS12-034 – Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Microsoft Office 2003
- Microsoft Office 2007
- Microsoft Office 2010
- Microsoft Silverlight 4
- Microsoft Silverlight 5
CVE-2012-0165 - GDI+ Record Type Vulnerability
Description: A remote code execution vulnerability exists in the way that GDI+ handles validation of specially crafted EMF images.
CVE-2012-0167 - GDI+ Heap Overflow Vulnerability
Description: A remote code execution vulnerability exists in the way that the Office GDI+ library handles validation of specially crafted EMF images embedded within an Office document.
CVE-2012-0159 - TrueType Font Parsing Vulnerability
Description: A remote code execution vulnerability exists in the way that affected components handle a specially crafted TrueType font file.
CVE-2011-3402 - TrueType Font Parsing Vulnerability
Description: A remote code execution vulnerability exists in the way that affected components handle a specially crafted TrueType font file.
MS12-035 – Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
CVE-2012-0161 - .NET Framework Serialization Vulnerability
Description: A remote code execution vulnerability exists in the Microsoft .NET Framework due to the improper serialization of untrusted input through partially trusted assemblies.