
Zscaler Provides Protection for 7 New Microsoft Vulnerabilities and 4 Third Party Vulnerabilities

June 2010 by Zscaler

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 11 web-based, client-side attacks included in the June 2010 Microsoft security bulletins. Zscaler clients are protected from the following vulnerabilities simply by leveraging the Zscaler platform, without the need to take any further action.

MS10-034 – Cumulative Security Update of ActiveX Kill Bits

Severity: Critical

Affected Software

• Microsoft Windows 2000

• Windows XP

• Windows Vista

• Windows 7

• Windows Server 2003

• Windows Server 2008

CVE-2010-0252 Microsoft Data Analyzer ActiveX Control Vulnerability

Description:

A remote code execution vulnerability in the Microsoft Data Analyzer ActiveX Control could lead to a full system compromise, should a victim view a web page containing a maliciously crafted ActiveX control.

CVE-2010-0811 Microsoft Internet Explorer 8 Developer Tools Vulnerability

Description:

A remote code execution vulnerability in the Microsoft Internet Explorer 8 Developer Tools ActiveX Control could lead to a full system compromise, should a victim view a web page containing a maliciously crafted ActiveX control.

Note: Security bulletin MS10-034 also includes kill-bits for the following four third-party applications, which include vulnerable ActiveX controls. Zscaler is also monitoring for/blocking web pages which request these ActiveX controls:

• Danske Bank - Danske eSec

o CLSID: F6A56D95-A3A3-11D2-AC26-400000058481

• CA - Pest Scan

o CLSID: 56393399-041A-4650-94C7-13DFCB1F4665

• Eastman Kodak Company - Ofoto Upload Manager / Kodak Gallery Easy Upload Manager

o CLSID: 6f750200-1362-4815-A476-88533DE61D0C

o CLSID: 6f750201-1362-4815-A476-88533DE61D0C

• Avaya - CallPilot Unified Messaging

o CLSID: 7F14A9EE-6989-11D5-8152-00C04F191FCA

MS10-035 – Cumulative Security Update for Internet Explorer

Severity: Critical

Affected Software

• Internet Explorer 6

• Internet Explorer 7

• Internet Explorer 8

CVE-2010-0255 Cross-Domain Information Disclosure Vulnerability

Description:

An information leakage vulnerability exists in the way that Internet Explorer caches data, which could expose sensitive data to third parties by allowing them to bypass cross-domain restrictions.

CVE-2010-1257 toStaticHTML Information Disclosure Vulnerability

Description:

An information leakage vulnerability exists in the way Internet Explorer handles content using specific strings when sanitizing HTML.

This vulnerability could be leveraged by an attacker to conduct a cross-site scripting (XSS) attack against a victim, on sites utilizing the toStaticHTML API.

CVE-2010-1259 Uninitialized Memory Corruption Vulnerability

Description:

A remote code execution vulnerability can be triggered when Internet Explorer attempts to access an object that has not been correctly initialized or has been deleted.

CVE-2010-1262 Memory Corruption Vulnerability

Description:

A remote code execution vulnerability can be triggered when Internet Explorer attempts to access an object that has not been correctly initialized or has been deleted.

MS10-039 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege

Severity: Important

Affected Software

• Microsoft SharePoint Services 3.0

• Microsoft Office InfoPath 2003

• Microsoft Office InfoPath 2007

• Microsoft Office SharePoint Server 2007

CVE-2010-0817 Help.aspx XSS Vulnerability

Description:

A cross-site scripting (XSS) vulnerability exists in Microsoft SharePoint and InfoPath, which could allow an attacker to execute active script in the context of a user who visited a vulnerable web page.



