Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for the following vulnerability included in the November 11, 2013 Microsoft security bulletin. Zscaler will continue to monitor exploits associated with this vulnerability and will release and deploy additional protections as necessary.
MS13-90 – Cumulative Security Update of ActiveX Kill Bits
Severity: Critical
Affected Software
CVE-2013-3918 – Information Card Signin Helper Vulnerability
Description: A remote code execution vulnerability exists in the Information Card Signin Helper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.