Thursday, 14 March 2013

Proactive protection for new zero-day vulnerabilities





Zscaler, which works with Microsoft through the MAPPs program, provides proactive protection for the new zero-day vulnerabilities in Microsoft Visio, OneNote, SharePoint and Internet Explorer.

MS13-024 – Vulnerabilities in SharePoint Could Allow Elevation of Privilege

Severity: Critical
Affected Software
  • Microsoft SharePoint Server 2010 Service Pack 1
  • Microsoft SharePoint Foundation 2010 Service Pack 1
CVE-2013-0080 Callback Function Vulnerability
CVE-2013-0083 SharePoint XSS Vulnerability
CVE-2013-0084 SharePoint Directory Traversal Vulnerability

Description: An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could, after obtaining sensitive system data, elevate their access to the server.

MS13-023 – Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution
Severity: Critical
Affected Software
  • Microsoft Visio Viewer 2010 Service Pack 1 (32-bit Edition)
  • Microsoft Visio Viewer 2010 Service Pack 1 (64-bit Edition)
  • Microsoft Visio 2010 Service Pack 1 (32-bit Edition)
  • Microsoft Visio 2010 Service Pack 1 (64-bit Edition)
  • Microsoft Office 2010 Filter Pack Service Pack 1 (32-bit Edition)
  • Microsoft Office 2010 Filter Pack Service Pack 1 (64-bit Edition)
CVE-2013-0079 Visio Viewer Tree Object Type Confusion Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Visio Viewer handles memory when rendering specially crafted Visio files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

MS13-021 – Cumulative Security Update for Internet Explorer
Severity: Critical
Affected Software
  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
CVE-2013-0087 Internet Explorer OnResize Use After Free Vulnerability
CVE-2013-0088 Internet Explorer saveHistory Use After Free Vulnerability
CVE-2013-0089 Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability
CVE-2013-0090 Internet Explorer CCaret Use After Free Vulnerability
CVE-2013-0091 Internet Explorer CElement Use After Free Vulnerability
CVE-2013-0092 Internet Explorer GetMarkupPtr Use After Free Vulnerability
CVE-2013-0093 Internet Explorer onBeforeCopy Use After Free Vulnerability

Description: The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

MS13-025 – Vulnerability in Microsoft OneNote Could Allow Information Disclosure
Severity: Critical
Affected Software
  • Microsoft OneNote 2010 Service Pack 1 (32-bit editions)
  • Microsoft OneNote 2010 Service Pack 1 (64-bit editions)
CVE-2013-0086 Buffer Size Validation Vulnerability
Description: An information disclosure vulnerability exists in the way that Microsoft OneNote allocates memory when parsing a specially crafted OneNote (.ONE) file.