Security Advisory - November 11, 2013

Zscaler Protects Against Zero-Day Vulnerability in Information Card Signin Helper ActiveX Control

Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for the following vulnerability included in the November 11, 2013 Microsoft security bulletin. Zscaler will continue to monitor exploits associated with this vulnerability and will release and deploy additional protections as necessary.

MS13-090 Cumulative Security Update of ActiveX Kill Bits

Severity: Critical
Affected Software

  • Windows XP (All Versions)
  • Microsoft Server 2003 (All Versions)
  • Microsoft Vista (All Versions)
  • Microsoft Server 2008 (All Versions)
  • Windows 7 (All Versions)
  • Windows 8 (All Versions)
  • Windows Server 2012 (All Versions)

CVE-2013-3918 Information Card Signin Helper Vulnerability

Description: A remote code execution vulnerability exists in the Information Card Signin Helper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.