Zscaler Provides Protection for 8 New Microsoft Vulnerabilities

August 2010 by Zscaler

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following eight web-based, client-side vulnerabilities included in the August 2010 Microsoft security bulletins. Zscaler clients are protected from these vulnerabilities simply by leveraging the Zscaler platform, without the need to take any further action.

MS10-060 – Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution
Severity: Critical
Affected Software
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7

CVE-2010-0019 Microsoft Silverlight Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Silverlight handles pointers. The vulnerability could allow remote code execution when a user visits a specially crafted web site that contains Silverlight content.

MS10-053 – Cumulative Security Update for Internet Explorer
Severity: Critical
Affected Software
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8

CVE-2010-1258 Event Handler Cross-Domain Vulnerability
Description: An information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to a browser window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted web page that could allow information disclosure if a user views the web page and then interacts with the browser window using the mouse.

CVE-2010-2556 Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page. When a user views the Web page, the vulnerability could allow remote code execution.

CVE-2010-2557 Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page. When a user views the web page, the vulnerability could allow remote code execution.

CVE-2010-2558 Race Condition Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that may have been corrupted due to a race condition. An attacker could exploit the vulnerability by constructing a specially crafted web page. When a user views the web page, the vulnerability could allow remote code execution.

CVE-2010-2559 Uninitialized Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page. When a user views the Web page, the vulnerability could allow remote code execution.

CVE-2010-2560 HTML Layout Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page. When a user views the web page, the vulnerability could allow remote code execution.

MS10-049 – Vulnerabilities in SChannel could allow Remote Code Execution
Severity: Critical
Affected Software
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7

CVE-2009-3555 TLS/SSL Renegotiation Vulnerability
Description: A spoofing vulnerability exists in the TLS/SSL protocol, implemented in the Microsoft Windows SChannel authentication component. An attacker who successfully exploited this vulnerability would be able to introduce information on a TLS/SSL protected connection, effectively sending traffic spoofing the authenticated client.

Note: This vulnerability stems from an issue previously discussed in Microsoft Security Advisory 977377, first released on February 9, 2010. This vulnerability affected multiple vendors; however, Zscaler was not affected, so customers leveraging Zscaler's SSL inspection capabilities have not been impacted by this issue.



