Security Advisory - July 13, 2010

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following three web based, client-side attacks included in the July 2010 Microsoft security bulletins. Zscaler clients are protected from the following vulnerabilities simply by leveraging the Zscaler platform, without the need to take any further action.

MS10-042 - Vulnerability in Help and Support Center Could Allow Remote Code Execution

Severity: Critical
Affected Software

• Windows XP
• Windows Server 2003

CVE-2010-1885 - Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

Description: An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Help and Support Center validates specially crafted URLs. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message.

Note: Details of this vulnerability were first made public on June 10, 2010, when they were posted to the Full Disclosure mailing list. On that day, Microsoft shared private information about the vulnerability with Microsoft MAPPs partners, of which Zscaler is a member, and exploit code for this issue appeared in-the-wild shortly thereafter. Zscaler deployed protections for CVE-2010-1885 on June 10 immediately following notification from Microsoft and has blocked numerous exploitation attempts during the 34 days that this issue was exposed without a patch being available.

MS10-044 - Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution

Severity: Critical
Affected Software

• Microsoft Office 2003
• Microsoft Office 2007

CVE-2010-1881 - ACCWIZ.dll Uninitialized Variable Vulnerability

Description: A remote code execution vulnerability exists in the way that the FieldList ActiveX control is instantiated by Microsoft Office and Internet Explorer.

CVE-2010-0814 - Access ActiveX Control Vulnerability

Description: A remote code execution vulnerability exists in Access ActiveX controls due to the way that multiple ActiveX controls are loaded by Internet Explorer

CVE-2010-1257 - toStaticHTML Information Disclosure Vulnerability

Description: An information leakage vulnerability exists in the way Internet Explorer handles content using specific strings when sanitizing HTML. This vulnerability could be leveraged by an attacker to conduct a cross-site scripting (XSS) attack against a victim, on sites utilizing the toStaticHTML API.

CVE-2010-1259 - Uninitialized Memory Corruption Vulnerability

Description: A remote code execution vulnerability can be triggered when Internet Explorer attempts to access an object that has not been correctly initialized or has been deleted.

CVE-2010-1262 - Memory Corruption Vulnerability

Description: A remote code execution vulnerability can be triggered when Internet Explorer attempts to access an object that has not been correctly initialized or has been deleted.

MS10-039 - Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege

Severity: Important
Affected Software

• Microsoft SharePoint Services 3.0
• Microsoft Office InfoPath 2003
• Microsoft Office InfoPath 2007
• Microsoft Office SharePoint Server 2007

CVE-2010-0817 - Help.aspx XSS Vulnerability

Description: A cross-site scripting (XSS) vulnerability exists in Microsoft SharePoint and InfoPath which could allow an attacker to execute active script in the context of a user that visited a vulnerable web page.

Note: Zscaler has always provided cross-site scripting (XSS) protection against all vulnerable websites. Therefore, Zscaler customers have always been protected against this and similar vulnerabilities in all web sites.