Zscaler Provides Immediate Vulnerability Protection in the Face of Microsoft’s Largest Ever Patch Cycle

October 2010 by Zscaler

Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for the following five web-based, client-side vulnerabilities included in the October 2010 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections as necessary.

MS10-071 – Cumulative Security Update for Internet Explorer (2360131)
Severity: Critical
Affected Software

 Internet Explorer 6
 Internet Explorer 7
 Internet Explorer 8

CVE-2010-3243 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that the toStaticHTML API sanitizes HTML, which could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

CVE-2010-3324 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that the toStaticHTML API sanitizes HTML, which could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

CVE-2010-3325 CSS Special Character Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that Internet Explorer processes CSS special characters.

CVE-2010-3326 Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

CVE-2010-3328 Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

CVE-2010-3329 Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted when a document in an HTML format is opened in Microsoft Word.

CVE-2010-3330 Cross-Domain Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to information in another domain or Internet Explorer zone.

CVE-2010-3331 Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

MS10-072 – Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
Severity: Critical
Affected Software
 Microsoft SharePoint Server

CVE-2010-3243 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that the toStaticHTML API sanitizes HTML, which could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

CVE-2010-3324 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that the toStaticHTML API sanitizes HTML, which could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

MS10-076 – Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
Severity: Critical
Affected Software
 Windows XP
 Windows Server 2003
 Windows Vista
 Windows Server 2008
 Windows 7

CVE-2010-1883 Embedded OpenType Font Integer Overflow Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Windows Embedded OpenType (EOT) font technology parses certain tables in specially crafted embedded fonts.

MS10-078 – Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
Severity: Important
Affected Software

 Windows XP
 Windows Server 2003

CVE-2010-2740 OpenType Font Parsing Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows OpenType Font (OTF) format driver improperly parses specially crafted OpenType fonts.

CVE-2010-2741 OpenType Font Validation Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows OpenType Font (OTF) format driver improperly validates specially crafted OpenType fonts.

MS10-079 – Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
Severity: Important
Affected Software
 Microsoft Office XP
 Microsoft Office 2003
 Microsoft Office 2007
 Microsoft Office 2010
 Microsoft Office 2004 for Mac
 Microsoft Office 2008 for Mac

CVE-2010-3214 Word Stack Overflow Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Word handles stack validation when parsing a specially crafted Word file.

MS10-080 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
Severity: Important
Affected Software

Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac

CVE-2010-3230 Excel Record Parsing Integer Overflow Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files.

MS10-082 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
Severity: Important
Affected Software
 Windows XP
 Windows Server 2003
 Windows Server 2008
 Windows Vista
 Windows 7

CVE-2010-2745 Windows Media Player Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Windows Media Player deallocates objects during a reload operation via a Web browser.

