Global leaders are coming to Zenith Live. Are you? Learn More
Global leaders are coming to Zenith Live. Are you?
Learn More

 

Security Advisory - September 14, 2010

Zscaler Provides Protection for 3 New Microsoft Vulnerabilities

 

 

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following three web based, client-side vulnerabilities included in the September 2010 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections as necessary.

MS10-062 – Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558)

Severity: Critical
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008

CVE-2010-0818 - MPEG-4 Codec Vulnerability

Description: A remote code execution vulnerability exists in the way that the MPEG-4 codec handles supported format files. This vulnerability could allow code execution when a user opens a specially crafted media file.

MS10-063 – Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113)

Severity: Critical
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Microsoft Office XP
  • Microsoft Office 2003
  • Microsoft Office 2007

CVE-2010-2738 - Uniscribe Font Parsing Engine Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in affected versions of Microsoft Windows and Microsoft Office. The vulnerability exists because Windows and Office incorrectly parses specific font types, which could lead to remote code execution.

MS10-067 – Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922)

Severity: Important
Affected Software

  • Windows XP
  • Windows Server 2003

CVE-2010-2563 - WordPad Word 97 Text Converter Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft WordPad processes memory when parsing a specially crafted Word 97 document. The vulnerability could allow remote code execution when a user opens a specially crafted Word file that includes a malformed structure.