Security Advisory - September 21, 2012

Zscaler Protects Against Microsoft’s Out-of-Band Security Update

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following web-based, client-side vulnerabilities included in their latest out-of-band security update. Zscaler will continue to monitor exploits associated with all vulnerabilities in this update and deploy additional protections as necessary.

MS12-063 – Cumulative Security Update for Internet Explorer (2744842)

Severity: Critical
Affected Software

  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 7
  • Microsoft Internet Explorer 8
  • Microsoft Internet Explorer 9

CVE-2012-1529 - OnMove Use After Free Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has not been correctly initialized or has been deleted.

CVE-2012-2546 - Event Listener Use After Free Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2012-2548 - Layout Use After Free Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted.

CVE-2012-2557 - cloneNode Use After Free Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted.

CVE-2012-4969 - execCommand Use After Free Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted.