Security Advisory - October 14, 2014

Zscaler Protects against Multiple Memory Corruption in Internet Explorer, ASP.NET MVC Security Bypass, and OLE Remote Code Execution Vulnerability

 

 

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 17 vulnerabilities included in the October 2014 Microsoft security bulletins.  Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections as necessary.

MS14-056 -Multiple Elevation of Privilege Vulnerabilities in Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2014-4123 – Internet Explorer Elevation of Privilege Vulnerability

CVE-2014-4124 – Internet Explorer Elevation of Privilege Vulnerability

Description: Elevation of privilege vulnerabilities exist within Internet Explorer. An attacker who successfully exploited these vulnerabilities could elevate privileges in affected versions of Internet Explorer. These vulnerabilities by themselves do not allow arbitrary code to be run. However, these vulnerabilities could be used in conjunction with another vulnerability (e.g., a remote code execution vulnerability) that could take advantage of the elevated privileges when running arbitrary code.

MS14-056Internet Explorer ASLR Bypass Vulnerability

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2014-4140 – Internet Explorer ASLR Bypass Vulnerability

Description: A security feature bypass vulnerability exists in Internet Explorer that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.

MS14-056Multiple Memory Corruption Vulnerabilities in Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2014-4126 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-4127 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-4128 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-4129 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-4130 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-4132 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-4133 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-4134 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-4137 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-4138 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-4141 – Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS14-059Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass

Severity: Important
Affected Software

  • ASP.NET MVC 2.0 - 5.1

CVE-2014-4075 – MVC XSS Vulnerability

Description: A cross-site scripting (XSS) vulnerability exists in ASP.NET MVC that could allow an attacker to inject a client-side script into the user's web browser. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.

MS14-060Vulnerability in Windows OLE Could Allow Remote Code Execution

Severity: Important
Affected Software

  • Windows Vista SP2
  • Windows Server 2008 SP2
  • Windows 7 SP1
  • Windows 8
  • Windows Server 2012

CVE-2014-4114 – Windows OLE Remote Code Execution Vulnerability

Description: A vulnerability exists in Windows OLE that could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MSA-3010060Vulnerability in Windows OLE Could Allow Remote Code Execution
Severity: Important
Affected Software

  • Windows Vista SP2
  • Windows Server 2008 SP2
  • Windows 7 SP1
  • Windows 8
  • Windows Server 2012

CVE-2014-6352 – Windows OLE Remote Code Execution Vulnerability

Description: A vulnerability exists in Windows OLE that could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS14-061Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution
Severity: Important
Affected Software

  • Microsoft Office 2007 SP3
  • Microsoft Office 2010 SP1-2
  • Microsoft Office for Mac 2011
  • Microsoft SharePoint Server 2010 SP1-2
  • Microsoft Office Web Apps 2010 SP1-2

CVE-2014-4117 – Microsoft Word File Format Vulnerability

Description: A remote code execution vulnerability exists in way that Microsoft Office software parses certain properties of Microsoft Word files. If an attacker is successful in exploiting this vulnerability, and If the current user is logged on with administrative user rights, the attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.