WeCloud's web security solution Zscaler, which works with Microsoft through the MAPPs program, has enabled protection for the following 16 web-based client vulnerabilities included in Microsoft's June security update:

MS12-037 – Cumulative Security Update for Internet Explorer (2699988)
Severity: Critical
Affected Software:
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9

CVE-2012-1523 Center Element Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1858 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that Internet Explorer handles content using specific strings when sanitizing HTML.

CVE-2012-1873 Null Byte Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access and read Internet Explorer's process memory.

CVE-2012-1874 Developer Toolbar Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1875 Same ID Property Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1876 Col Element Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that does not exist.

CVE-2012-1877 Title Element Change Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1878 OnBeforeDeactivate Event Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1879 insertAdjacentText Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an undefined memory location.

CVE-2012-1880 insertRow Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2012-1881 OnRowsInserted Event Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

MS12-038 – Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
Severity: Critical
Affected Software:
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7

CVE-2012-1855 .NET Framework Memory Access Vulnerability
Description: A remote code execution vulnerability exists in the Microsoft .NET Framework due to the improper execution of a function pointer.

MS12-039 – Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
Severity: Important
Affected Software:
- Microsoft Communicator 2007
- Microsoft Lync 2010

CVE-2011-3402 TrueType Font Parsing Vulnerability
Description: A remote code execution vulnerability exists in the way that affected components handle shared content that contains specially crafted TrueType fonts.

CVE-2012-0159 TrueType Font Parsing Vulnerability
Description: A remote code execution vulnerability exists in the way that affected components handle shared content that contains specially crafted TrueType fonts.

CVE-2012-1858 HTML Sanitization Vulnerability
Description: An information disclosure vulnerability exists in the way that HTML is filtered that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the current user.

MS12-040 – Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
Severity: Important
Affected Software:
- Microsoft Dynamics AX 2012

CVE-2012-1857 Dynamics AX Enterprise Portal XSS Vulnerability
Description: A cross-site scripting vulnerability exists in Microsoft Dynamics AX Enterprise Portal that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL that contains malicious JavaScript elements.