Zscaler Provides Immediate Vulnerability Protection During Microsoft’s Patch Cycle
November 2010 by Zscaler
Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for six Microsoft Office and three Forefront Unified Access Gateway web-based, client-side vulnerabilities included in the November 2010 Microsoft security bulletins. Zscaler customers licensed for the Advanced Threat Protection service are shielded from attack without the need to take further action. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections as necessary.
MS10-088 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
Severity: Important
Affected Software
– Microsoft Office XP
– Microsoft Office 2003
– Microsoft Office 2004 for Mac
– Microsoft PowerPoint Viewer
CVE-2010-2572 PowerPoint Parsing Buffer Overflow Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles specially crafted PowerPoint 95 files.
CVE-2010-2573 PowerPoint Integer Underflow Causes Heap Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles specially crafted PowerPoint files.
MS10-089 – Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)
Severity: Important
Affected Software
– Forefront Unified Access Gateway 2010
CVE-2010-2733 UAG XSS EOP Vulnerability
Description: A cross-site scripting (XSS) vulnerability exists in Forefront Unified Access Gateway (UAG) that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the UAG server in the context of the targeted user.
CVE-2010-2734 XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability
Description: A cross-site scripting (XSS) vulnerability exists in Forefront Unified Access Gateway (UAG) that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the UAG server in the context of the targeted user.
CVE-2010-3936 XSS in Signurl.asp Vulnerability
Description: A cross-site scripting (XSS) vulnerability exists in Forefront Unified Access Gateway (UAG) that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the UAG server in the context of the targeted user.
MS10-087 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
Severity: Critical
Affected Software
– Microsoft Office XP
– Microsoft Office 2003
– Microsoft Office 2007
– Microsoft Office 2010
– Microsoft Office 2004 for Mac
– Microsoft Office 2008 for Mac
– Microsoft Office 2011 for Mac
– Open XML File Format Converter for Mac
CVE-2010-3333 RTF Stack Buffer Overflow Vulnerability
Description: A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted Rich Text Format (RTF) formatted data.
CVE-2010-3334 Office Art Drawing Records Vulnerabilities
Description: A remote code execution vulnerability exists in the way that Microsoft Office software parses specially crafted Office files.
CVE-2010-3335 Drawing Exception Handling Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Office software parses specially crafted Office files.
CVE-2010-3336 MSO Large SPID Read AV Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Office software parses specially crafted Office files.