The Leader in Cloud Security SECURITY ADVISORY

Transcription

1 The Leader in Cloud Security SECURITY ADVISORY Security Advisory - December 14, 2010 Zscaler Provides Protection in the Face of Significant Microsoft Year End Patch Cycle Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 29 vulnerabilities spread across 9 security bulletins included in the December 2010 Microsoft patch cycle. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections as necessary. MS Cumulative Security Update for Internet Explorer ( ) Severity: Critical CVE HTML Object Memory Corruption Vulnerability Description: A use after free error exists on Internet Explorer 6/7, which could lead to CVE HTML Object Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. CVE HTML Element Memory Corruption Vulnerability Description: A memory corruption vulnerability when handling elements may lead to remote CVE HTML Element Memory Corruption Vulnerability Description: A memory corruption vulnerability exists when handling HTML+Time, that could lead to a crash or possible remote code execution CVE Uninitialized Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

2 MS Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Remote Code Execution ( ) Severity: Critical CVE OpenType Font Index Vulnerability Description: A font index vulnerability in the ATMFD Adobe font driver included in Windows could lead to code execution when parsing a malicious font file. CVE OpenType Font Double Free Vulnerability Description: A double free vulnerability in the ATMFD Adobe font driver included in Windows could lead to code execution when parsing a malicious font file. CVE OpenType CMAP Table Vulnerability Description: A vulnerability in the ATMFD Adobe font driver included in Windows could lead to code execution when parsing a malicious font file. MS Vulnerability in Task Scheduler could allow for Elevation of Privilege ( ) CVE Task Scheduler Vulnerability Description: A local vulnerability in the Windows task scheduler can lead to code execution in SYSTEM context. 2

3 MS Vulnerabilities in Windows Kernel- Mode Drivers Could Allow Elevation of Privilege ( ) CVE Win32k PFE Pointer Double Free Vulnerability Description: An elevation of privilege vulnerability exists due to the way that the Windows kernel- mode drivers free objects that are no longer in use. CVE Win32k Double Free Vulnerability Description: An elevation of privilege vulnerability exists due to the way that the Windows kernel- mode drivers free objects that are no longer in use. CVE Win32k WriteAV Vulnerability Description: An elevation of privilege vulnerability exists in the way that Windows kernel- mode drivers improperly allocate memory when copying data from user mode. CVE Win32k Cursor Linking Vulnerability Description: An elevation of privilege vulnerability exists due to the way that Windows Kernel- mode drivers manage kernel- mode driver objects. CVE Win32k Memory Corruption Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows kernel- mode drivers improperly validate input passed from user mode. MS Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege ( ) CVE Kernel NDProxy Buffer Overflow Vulnerability Description: An elevation of privilege vulnerability exists in the Routing and Remote Access NDProxy component of the Windows kernel due to improper validation of input passed from user mode to the kernel. MS Vulnerability in Consent User Interface Could Allow Elevation of Privilege ( ) CVE Consent UI Impersonation Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Consent User Interface (UI) improperly processes special values read from the registry. 3

4 MS Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution ( ) Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 CVE Size Value Heap Corruption Vulnerability in pubconv.dll Description: A remote vulnerability in Publisher could cause heap corruption, resulting in arbitrary CVE Heap Overrun Vulnerability in pubconv.dll Description: A remote vulnerability in Publisher could cause a heap overflow, resulting in arbitrary CVE Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Description: A remote vulnerability in Publisher could cause an integer overflow, resulting in arbitrary CVE Microsoft Publisher Memory Corruption Vulnerability Description: A remote vulnerability in Publisher could cause memory corruption, resulting in arbitrary CVE Array Indexing Memory Corruption Vulnerability Description: A remote vulnerability in Publisher could cause an integer overflow, resulting in arbitrary MS Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution ( ) Microsoft SharePoint Portal Server 2001 Microsoft SharePoint Portal Server 2003 Microsoft Windows SharePoint Services 2.0 Microsoft Windows SharePoint Services 3.0 SharePoint Foundation 2010 Microsoft SharePoint Server 2010 Microsoft Groove 2007 Microsoft SharePoint Workspace CVE Malformed Request Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that the Document Conversions Launcher Service validates SOAP requests before processing on a SharePoint server. 4

5 MS Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Converter Pack Microsoft Works 9 CVE Embedded OpenType Font Integer Overflow Vulnerability Description: A vulnerability in the.cgm image converter included in Office could cause a heap overflow, resulting in arbitrary CVE PICT Image Converter Integer Overflow Vulnerability Description: A bug in the PICT graphics converter in Microsoft Office could cause an integer overflow, resulting in arbitrary CVE TIFF Image Converter Heap Overflow Vulnerability Description: A vulnerability in the TIFFIM32.FLT filter that ships in Office XP could cause a heap overflow, resulting in arbitrary CVE TIFF Image Converter Buffer Overflow Vulnerability Description: A vulnerability exists in the TIFFIM32.FLT filter that ships in Office XP could cause a buffer overflow, resulting in arbitrary CVE TIFF Image Converter Memory Corruption Vulnerability Description: A vulnerability in the Microsoft Office Document Imaging tool could cause a memory corruption, resulting in arbitrary CVE FlashPix Image Converter Buffer Overflow Vulnerability Description: A vulnerability in the FlashPix Graphics Filter could cause a buffer overflow, resulting in arbitrary CVE FlashPix Image Converter Heap Corruption Vulnerability Description: A vulnerability in the FlashPix Graphics Filter could cause heap corruption, resulting in arbitrary About Zscaler Through a multi- tenant, globally- deployed infrastructure, Zscaler enforces business policy, mitigates risk, and provides twice the functionality at a fraction of the cost of current solutions. It enables organizations to provide the right access to the right users, from any place and on any device, while empowering the end- user with a rich Internet experience. For more information, visit us at Press Contacts Paula Dunne Office: , Mobile: Paula.Dunne@zscaler.com Zscaler, and the Zscaler Logo are trademarks of Zscaler, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners. 5