VPNの脆弱性に関する不安が広がっています。ZPAの60日間無料トライアルを利用して、VPNからの移行のメリットをお確かめください。

ゼットスケーラーのセキュリティアドバイザリ

セキュリティ アドバイザリー - 10月 08, 2013

Zscaler Protects against Memory Corruption in Internet Explorer/Microsoft Word Memory Corruption and .NET Framework/KMD Remote Code Execution

Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following vulnerability included in the September 2013 Microsoft security bulletins.  Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections as necessary

MS13-080Cumulative Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2013-3871Internet Explorer Memory Corruption Vulnerability
CVE-2013-3873Internet Explorer Memory Corruption Vulnerability
CVE-2013-3874Internet Explorer Memory Corruption Vulnerability
CVE-2013-3875Internet Explorer Memory Corruption Vulnerability
CVE-2013-3885Internet Explorer Memory Corruption Vulnerability
CVE-2013-3886Internet Explorer Memory Corruption Vulnerability
CVE-2013-3897Internet Explorer Memory Corruption Vulnerability
Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses an object in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS13-081Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

Severity: Critical
Affected Software

  • Windows XP (All Versions)
  • Microsoft Server 2003 (All Versions)
  • Microsoft Vista (All Versions)
  • Microsoft Server 2008 (All Versions)
  • Windows 7 (All Versions)
  • Windows 7 (All Versions)
  • Windows Server 2012 (All Versions)

CVE-2013-3128OpenType Font Parsing Vulnerability
Description: A remote code execution vulnerability exists in the way that Windows parses specially crafted OpenType fonts (OTF). An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

MS13-082Vulnerabilities in .Net Framework Could Allow Remote Code Execution

Severity: Critical
Affected Software

  • Windows XP (All Versions)
  • Microsoft Server 2003 (All Versions)
  • Microsoft Vista (All Versions)
  • Microsoft Server 2008 (All Versions)
  • Windows 7 (All Versions)
  • Windows 7 (All Versions)
  • Windows Server 2012 (All Versions)

CVE-2013-3860Entity Expansion Vulnerability
CVE-2013-3861JSON Parsing Vulnerability
Description: A denial of service vulnerability exists in the .NET Framework that could allow an attacker to cause a server or application to crash or become unresponsive.

MS13-086Vulnerabilities in Microsoft Word Could Allow Remote Code Execution

Severity: Important
Affected Software

  • Microsoft Office 2003 (All Versions)
  • Microsoft Office 2007 (All Versions)
  • Microsoft Office Compatibility Pack (All Versions)

CVE-2013-3891Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that affected Microsoft Word software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.