Security Advisory - December 31, 2012

Zscaler Protects Against 0Day Vulnerability in Internet Explorer used in CFR ‘Watering Hole’ Attack

Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following security vulnerability in Internet Explorer. Reports recently emerged on malware hosted at the Council on Foreign Relations (CFR) website that was leveraging a previously unknown vulnerability. It is being called a ‘watering hole’ attack as it is believed that the CFR website was specifically selected to target particular users of the site. At the present time, Microsoft has released a security advisory (2794220) detailing the vulnerability and recommended workarounds until a patch is available. The Zscaler cloud will detect and block websites leveraging this new vulnerability. Zscaler will continue to monitor exploits associated with this issue and deliver additional protections as needed.

Microsoft Security Advisory (2794220)

Affected Software

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8

CVE-2012-4792 - Vulnerability in Internet Explorer Could Allow Remote Code Execution

Description: The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.  


About Zscaler

Zscaler ensures that more than 15 million employees at more than 5,000 enterprise and government organizations worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies. Zscaler’s award-winning Security-as-a-Service platform delivers a safe and productive Internet experience for every user, from any device and from any location. Zscaler effectively moves security into the Internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade Internet security, advanced persistent threat (APT) protection, data loss prevention, SSL decryption, traffic shaping, policy management and threat intelligence–all without the need for on-premise hardware, appliances or software. To learn more, visit us at

Press Contacts:

Bill Bode
Highwire PR
415-963-4174 ext. 49

Zscaler® and the Zscaler Logo are trademarks of Zscaler, Inc.
All other trademarks are the property of their respective firms.

Related Links:


Ad Retargater