Security Advisory - November 11, 2013
Zscaler Protects Against Zero-Day Vulnerability in Information Card Signin Helper Active X Control
Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following vulnerability included in the November 11, 2013 Microsoft security bulletin. Zscaler will continue to monitor exploits associated with this vulnerability and release and deploy additional protections as necessary.
MS13-90 – Cumulative Security Update of ActiveX Kill Bits
- Windows XP (All Versions)
- Microsoft Server 2003 (All Versions)
- Microsoft Vista (All Versions)
- Microsoft Server 2008 (All Versions)
- Windows 7 (All Versions)
- Windows 8 (All Versions)
- Windows Server 2012 (All Versions)
CVE-2013-3918 – Information Card Signin Helper Vulnerability
Description: A remote code execution vulnerability exists in the Information Card Signin Helper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.