Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for two web based, client side vulnerabilities included in the May 2011 Microsoft patch cycle. Zscaler will continue to monitor exploits associated with this release and deploy additional protections as necessary.

MS11-036 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814)

Severity: Important
Affected Software

• Microsoft Office XP
• Microsoft Office 2003
• Microsoft Office 2007
• Microsoft Office 2004 for Mac
• Microsoft Office 2008 for Mac

CVE-2011-1269 Presentation Memory Corruption RCE Vulnerability

Description: A vulnerability exists when Microsoft PowerPoint does not properly handle memory during function calls while parsing a specially crafted PowerPoint file.

CVE-2011-1270 Presentation Buffer Overrun RCE Vulnerability

Description: A vulnerability exists when Microsoft PowerPoint encounters a memory handling error while parsing a specially crafted PowerPoint file.