Consultores de seguridad de Zscaler
Zscaler Tackles Browser, Media and Communication Vulnerabilities in February 2013 Microsoft Patch Cycle
Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following 14 vulnerabilities included in the February 2013 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections as necessary.
MS13-009 – Cumulative Security Update for Internet Explorer (2792100)
Severity: Critical
Affected Software
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
CVE-2013-0018 - Internet Explorer SetCapture Use After Free Vulnerability
CVE-2013-0019 - Internet Explorer COmWindowProxy Use After Free Vulnerability
CVE-2013-0020 - Internet Explorer CMarkup Use After Free Vulnerability
CVE-2013-0021 - Internet Explorer vtable Use After Free Vulnerability
CVE-2013-0022 - Internet Explorer LsGetTrailInfo Use After Free Vulnerability
CVE-2013-0024 - Internet Explorer pasteHTML Use After Free Vulnerability
CVE-2013-0025 - Internet Explorer SLayoutRun Use After Free Vulnerability
CVE-2013-0026 - Internet Explorer InsertElement Use After Free Vulnerability
CVE-2013-0027 - Internet Explorer CPasteCommand Use After Free Vulnerability
CVE-2013-0028 - Internet Explorer CObjectElement Use After Free Vulnerability
CVE-2013-0029 - Internet Explorer CHTML Use After Free Vulnerability
Description: Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted.
MS13-010 – Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)
Severity: Critical
Affected Software
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
CVE-2013-0030 - VML Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer handles objects in memory.
MS13-011 – Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
CVE-2013-0077 Media Decompression Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Windows handles media content.
MS13-020 – Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)
Severity: Critical
Affected Software
- Windows XP
CVE-2013-1313 OLE Automation Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Object Linking and Embedding (OLE) Automation allocates memory.