Microsoft Security Bulletins Coverage (Oct 12, 2010)
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of October, 2010. A list of issues reported, along with SonicWALL coverage information follows:
MS10-071 Cumulative Security Update for Internet Explorer (2360131)- CVE-2010-0808 – AutoComplete Information Disclosure Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3243 – HTML Sanitization Vulnerability
IPS 5844 MS IE XSS Vulnerability Exploit - CVE-2010-3324 – HTML Sanitization Vulnerability
IPS 4149 MS IE toStaticHTML Method Invocation - CVE-2010-3325 – CSS Special Character Information Disclosure Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3326– Uninitialized Memory Corruption Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3327 – Anchor Element Information Disclosure Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3328– Uninitialized Memory Corruption Vulnerability
Note: Detection would require a logical analysis or traversal of a file. It is not feasible. - CVE-2010-3329– Uninitialized Memory Corruption Vulnerability
IPS 5836MS IE Uninitialized Memory Corruption Vulnerability 2 (MS10-071) - CVE-2010-3330– Cross-Domain Information Disclosure Vulnerability
Note: Detection would require a logical analysis or traversal of a file. It is not feasible. - CVE-2010-3331– Uninitialized Memory Corruption Vulnerability
IPS 5835MS IE Uninitialized Memory Corruption Vulnerability (MS10-071)
MS10-072 Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
- CVE-2010-3243– HTML Sanitization Vulnerability
Note: Please refer to MS10-071 - CVE-2010-3324– HTML Sanitization Vulnerability
Note: Please refer to MS10-071
MS10-073 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)
- CVE-2010-2549– Win32K Reference Count Vulnerability
Note: Local elevation of privilege - CVE-2010-2743– Win32K Keyboard Layout Vulnerability
Note: Local elevation of privilege - CVE-2010-2744– Win32k Window Class Vulnerability
Note: Local elevation of privilege
MS10-074 Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
- CVE-2010-3227– Windows MFC Document Title Updating Buffer Overflow Vulnerability
Note: There are no known public exploits targeting this vulnerability.
- CVE-2010-3225– RTSP Use After Free Vulnerability
IPS 5845 Microsoft Windows Media Player Code Execution Exploit
- CVE-2010-1883– Embedded OpenType Font Integer Overflow Vulnerability
IPS 5837 Malicious Font File Download 5b
MS10-077Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)
- CVE-2010-3228– .NET Framework x64 JIT Compiler Vulnerability
Note: There is no way to differentiate malformed and legitimate traffic.
- CVE-2010-2740– OpenType Font Parsing Vulnerability
IPS 5831 Malicious Font File Download 3b - CVE-2010-2741– OpenType Font Validation Vulnerability
IPS 5832 Malicious Font File Download 4b
MS10-079Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
- CVE-2010-2747– Word Uninitialized Pointer Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-2748– Word Boundary Check Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-2750– Word Index Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3214– Word Stack Overflow Vulnerability
IPS 5833Malicious Word Document 3b - CVE-2010-3215– Word Return Value Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3216– Word Bookmarks Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3217– Word Pointer Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3218– Word Heap Overflow Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3219– Word Index Parsing Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3220– Word Parsing Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3221– Word Parsing Vulnerability
Note: There are no known public exploits targeting this vulnerability.
MS10-080 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
- CVE-2010-3230– Excel Record Parsing Integer Overflow Vulnerability
IPS 5840Malicious Excel Document 6b - CVE-2010-3231– Excel Record Parsing Memory Corruption Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3232– Excel File Format Parsing Vulnerability
IPS 5839Malicious Excel Document 5b - CVE-2010-3233– Lotus 1-2-3 Workbook Parsing Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3234– Formula Substream Memory Corruption Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3235– Formula Biff Record Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3236– Out Of Bounds Array Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3237– Merge Cell Record Pointer Vulnerability
IPS 5834Malicious Excel Document 3b - CVE-2010-3238– Negative Future Function Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3239– Extra Out of Boundary Record Parsing Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3240– Real Time Data Array Record Vulnerability
IPS 5838Malicious Excel Document 4b - CVE-2010-3241– Out-of-Bounds Memory Write in Parsing Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3242– Ghost Record Type Parsing Vulnerability
Note: There are no known public exploits targeting this vulnerability.
MS10-081 Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)
- CVE-2010-2746– Comctl32 Heap Overflow Vulnerability
Note: There are no known public exploits targeting this vulnerability.
MS10-082 Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
- CVE-2010-2745– Windows Media Player Memory Corruption Vulnerability
Note: There are no known public exploits targeting this vulnerability.
- CVE-2010-1263– COM Validation Vulnerability
Note: This is a platform design-level issue. The detection logic varies in different ActiveX control.
MS10-084 Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
- CVE-2010-3222– LPC Message Buffer Overrun Vulnerability
Note: This is a Local elevation of privilege.
MS10-085 Vulnerability in SChannel Could Allow Denial of Service (2207566)
- CVE-2010-3229– TLSv1 Denial of Service Vulnerability
IPS 5846MS IIS 7.0 Denial of Service Attempt
MS10-086 Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)
- CVE-2010-3223– Permissions on New Cluster Disks Vulnerability
Note: There is no way to differentiate malformed and legitimate traffic.
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
