Security Advisory - February 08, 2011

Zscaler Provides Immediate Vulnerability Protection in the Face of Microsoft Patch Cycle

Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for nine web-based, client-side vulnerabilities included in the February 2011 Microsoft patch cycle. Zscaler will continue to monitor exploits associated with this release and deploy additional protections as necessary.

MS11-003 – Cumulative Security Update for Internet Explorer (2482017)

Severity: Critical
Affected Software

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8

CVE-2010-3971 - CSS Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses memory, while importing a Cascading Style Sheet that refers to itself recursively.

CVE-2011-0035 - Uninitialized Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

CVE-2011-0036 - Uninitialized Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

CVE-2011-0038 - Internet Explorer Insecure Library Loading Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer handles the loading of DLL files.

MS11-006 – Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)

Severity: Critical
Affected Software

  • Windows XP
  • Windows 2003 Server
  • Windows Vista
  • Windows Server 2008

CVE-2010-3970 - Windows Shell Graphics Processing Overrun Vulnerability

Description: A remote code execution vulnerability exists in the way that the Windows Shell graphics processor handles specially crafted thumbnail images.

MS11-007 – Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)

Severity: Critical
Affected Software

  • Windows XP
  • Windows 2003 Server
  • Windows Vista
  • Windows Server 2008

CVE-2011-0033 - OpenType Font Encoded Character Vulnerability

Description: A remote code execution vulnerability exists in the way that the OpenType Compact Font Format (CFF) driver improperly parses specially crafted OpenType fonts.

MS11-008 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)

Severity: Important
Affected Software

  • Visio 2002
  • Visio 2003
  • Visio 2007

CVE-2011-0092 - Visio Object Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Visio validates objects in memory when parsing specially crafted Visio files.

CVE-2011-0093 - Visio Data Type Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Visio parses certain structures when handling specially crafted Visio files.

MS11-009 – Vulnerabilities in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)

Severity: Important
Affected Software

  • Windows 7
  • Windows Server 2008

CVE-2011-0031 - Scripting Engines Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists in the JScript and VBScript scripting engines due to a memory corruption error.