Zscaler Security Advisories

Security Advisory - February 12, 2013

Zscaler Tackles Browser, Media and Communication Vulnerabilities in February 2013 Microsoft Patch Cycle

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 14 vulnerabilities included in the February 2013 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections as necessary.

MS13-009 – Cumulative Security Update for Internet Explorer (2792100)

Severity: Critical

Affected Software

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10

CVE-2013-0018 - Internet Explorer SetCapture Use After Free Vulnerability

CVE-2013-0019 - Internet Explorer COmWindowProxy Use After Free Vulnerability

CVE-2013-0020 - Internet Explorer CMarkup Use After Free Vulnerability

CVE-2013-0021 - Internet Explorer vtable Use After Free Vulnerability

CVE-2013-0022 - Internet Explorer LsGetTrailInfo Use After Free Vulnerability

CVE-2013-0024 - Internet Explorer pasteHTML Use After Free Vulnerability

CVE-2013-0025 - Internet Explorer SLayoutRun Use After Free Vulnerability

CVE-2013-0026 - Internet Explorer InsertElement Use After Free Vulnerability

CVE-2013-0027 - Internet Explorer CPasteCommand Use After Free Vulnerability

CVE-2013-0028 - Internet Explorer CObjectElement Use After Free Vulnerability

CVE-2013-0029 - Internet Explorer CHTML Use After Free Vulnerability

Description: Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted.

MS13-010 – Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)

Severity: Critical

Affected Software

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10

CVE-2013-0030 - VML Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer handles objects in memory.

MS13-011 – Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)

Severity: Critical

Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008

CVE-2013-0077 - Media Decompression Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Windows handles media content.

MS13-020 – Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)

Severity: Critical

Affected Software

  • Windows XP

CVE-2013-1313 - OLE Automation Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Object Linking and Embedding (OLE) Automation allocates memory.