Security Advisory - September 13, 2011

Zscaler Provides Immediate Vulnerability Protection for September 2011 Microsoft Patch Cycle

 

 

Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for thirteen web-based vulnerabilities included in the September 2011 Microsoft patch cycle. Zscaler will continue to monitor exploits associated with this release and deploy additional protections as necessary.

MS11-071 – Vulnerability in Windows Components Could Allow Remote Code Execution (KB2570947)

Severity: Important
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

CVE-2011-1991 – Windows Components Insecure Library Loading Vulnerability

Description: A remote code execution vulnerability exists in the way that certain Windows components handle the loading of DLL files.

MS11-072 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (KB2587505)

Severity: Important
Affected Software

  • Microsoft Office 2003
  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office 2004 for Mac
  • Microsoft Office 2008 for Mac
  • Microsoft Office for Mac 2011
  • Microsoft Office SharePoint Server 2007
  • Microsoft Office SharePoint Server 2010
  • Microsoft Office Web Apps 2010

CVE-2011-1986 – Excel Use after Free WriteAV Vulnerability

CVE-2011-1987 – Excel Out of Bounds Array Indexing Vulnerability

CVE-2011-1988 – Excel Heap Corruption Vulnerability

CVE-2011-1989 – Excel Conditional Expression Parsing Vulnerability

CVE-2011-1990 – Excel Out of Bounds Array Indexing Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files.

MS11-073 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (KB2587634)

Severity: Important
Affected Software

  • Microsoft Office 2003
  • Microsoft Office 2007
  • Microsoft Office 2010

CVE-2011-1982 – Office Uninitialized Object Pointer Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Word files.

MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (KB2451858)

Severity: Important
Affected Software

  • Microsoft Office Groove 2007
  • Microsoft SharePoint Workspace 2010
  • Microsoft Office Forms Server 2007
  • Microsoft Office SharePoint Server 2007
  • Microsoft Office SharePoint Server 2010
  • Microsoft Office Groove Data Bridge Server 2007
  • Microsoft Office Groove Management Server 2007
  • Microsoft Groove Server 2010
  • Microsoft Windows SharePoint Services 2.0
  • Microsoft Windows SharePoint Services 3.0
  • Microsoft SharePoint Foundation 2010
  • Microsoft Office Web Apps 2010

CVE-2011-0653 – XSS in SharePoint Calendar Vulnerability

Description: A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements.

CVE-2011-1252 – HTML Sanitization Vulnerability

Description: An information disclosure vulnerability exists in the way that the SafeHTML function sanitizes HTML.

CVE-2011-1890 – Editform Script Injection Vulnerability

Description: A cross-site scripting, information disclosure, and elevation of privilege vulnerability exists in Microsoft SharePoint 2010 and Microsoft Foundation 2010 if a user visits a specially crafted Web site. Due to the vulnerability, malicious JavaScript can be injected into a post made to a targeted SharePoint site.

CVE-2011-1891 – Contact Details Reflected XSS Vulnerability

Description: A cross-site scripting vulnerability in Microsoft SharePoint could allow an attacker to gain control over valid user accounts, perform operations on the user's behalf, redirect the user to malicious sites, or steal user credentials.

CVE-2011-1892 – SharePoint Remote File Disclosure Vulnerability

Description: A file disclosure vulnerability exists in Microsoft Office SharePoint that could allow a malicious authenticated user to use a specially crafted XML file to gain read-only access to a local file on the SharePoint server under the security context of the account running SharePoint.

CVE-2011-1893 – SharePoint XSS Vulnerability

Description: A cross-site scripting, information disclosure, and elevation of privilege vulnerability exists in Microsoft SharePoint Server and Windows SharePoint Services where JavaScript that is encoded in a specially crafted URL can be reflected back to the user in the resulting page, allowing an attacker to issue SharePoint commands in the context of the authenticated user on a targeted SharePoint site.