Thursday, 14 June 2012

WeCloud protects against new vulnerabilities

WeCloud's web security solution Zscaler, which works with Microsoft through the MAPPs program, has activated protection for the following 16 web-based client vulnerabilities included in Microsoft's June security update:


MS12-037 – Cumulative Security Update for Internet Explorer (2699988)
Severity: Critical
Affected Software:
  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9

CVE-2012-1523 Center Element Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. 

CVE-2012-1858 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that Internet Explorer handles content using specific strings when sanitizing HTML.

CVE-2012-1873 Null Byte Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access and read Internet Explorer's process memory.

CVE-2012-1874 Developer Toolbar Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1875 Same ID Property Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1876 Col Element Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that does not exist.

CVE-2012-1877 Title Element Change Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1878 OnBeforeDeactivate Event Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1879 insertAdjacentText Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an undefined memory location.

CVE-2012-1880 insertRow Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1881 OnRowsInserted Event Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

MS12-038 – Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
Severity: Critical
Affected Software:
  • Windows XP
  • Windows Server 2003 
  • Windows Vista
  • Windows Server 2008
  • Windows 7
CVE-2012-1855 .NET Framework Memory Access Vulnerability
Description: A remote code execution vulnerability exists in the Microsoft .NET Framework due to the improper execution of a function pointer.

MS12-039 – Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
Severity: Important
Affected Software:
  • Microsoft Communicator 2007
  • Microsoft Lync 2010
CVE-2011-3402 TrueType Font Parsing Vulnerability
Description: A remote code execution vulnerability exists in the way that affected components handle shared content that contains specially crafted TrueType fonts.

CVE-2012-0159 TrueType Font Parsing Vulnerability
Description: A remote code execution vulnerability exists in the way that affected components handle shared content that contains specially crafted TrueType fonts.

CVE-2012-1858 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that HTML is filtered that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the current user.

MS12-040 – Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
Severity: Important
Affected Software:
  • Microsoft Dynamics AX 2012
CVE-2012-1857 Dynamics AX Enterprise Portal XSS Vulnerability
Description: A cross-site scripting vulnerability exists in Microsoft Dynamics AX Enterprise Portal that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL that contains malicious JavaScript elements.