Zero trust security

Make it possible

Your Mission

 

Security Advisory - November 12, 2013

Zscaler Protects against Memory Corruption in Internet Explorer/Microsoft Word Memory Corruption and Zero-Day Exploits in ActiveX Class ‘InformationCardSigninHelper’

 

 

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 13 vulnerabilities included in the November 2013 Microsoft security bulletins.  Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections as necessary.

MS13-088Cumulative Security Update for Internet Explorer
Severity: Critical
Affected Software:

  • Internet Explorer 6-11

CVE-2013-3871 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3908 – Internet Explorer Information Disclosure Vulnerability
CVE-2013-3910 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3911 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3912 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3914 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3915 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3916 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3917 – Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses an object in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.  There is also an information disclosure vulnerability that exists in the way that Internet Explorer handles specially crafted web content when generating print previews. An attacker who successfully exploited this vulnerability could gather information from any page that the victim is viewing.

MS13-089Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution
Severity: Critical
Affected Software:

  • Windows XP (All Versions)
  • Microsoft Server 2003 (All Versions)
  • Microsoft Vista (All Versions)
  • Microsoft Server 2008 (All Versions)
  • Windows 7 (All Versions)
  • Windows 8 (All Versions)
  • Windows Server 2012 (All Versions)

CVE-2013-3940 – Graphics Device Interface Integer Overflow Vulnerability

Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) processes specially crafted Windows Write files in WordPad. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS13-090Cumulative Security Update of ActiveX Kill Bits
Severity: Critical
Affected Software:

  • Windows XP (All Versions)
  • Microsoft Server 2003 (All Versions)
  • Microsoft Vista (All Versions)
  • Microsoft Server 2008 (All Versions)
  • Windows 7 (All Versions)
  • Windows 8 (All Versions)
  • Windows Server 2012 (All Versions)

CVE-2013-3918 – InformationCardSigninHelper Vulnerability

Description: A remote code execution vulnerability exists in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

MS13-091Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Severity: Important
Affected Software:

  • Microsoft Office 2003 (All Versions)
  • Microsoft Office 2007 (All Versions)
  • Microsoft Office Compatibility Pack (All Versions)

CVE-2013-1324 – Word Stack Buffer Overwrite Vulnerability
CVE-2013-1325 – Word Heap Overwrite Vulnerability

Description: A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted WordPerfect document files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.