Security News

Microsoft Security Bulletins Coverage (Nov 09, 2010)

By

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of November, 2010. A list of issues reported, along with SonicWALL coverage information follows:

MS10-087 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

  • CVE-2010-3333 – RTF Stack Buffer Overflow Vulnerability
    IPS 5950 Word RTF File Parsing Stack BO
  • CVE-2010-3334 – Office Art Drawing Records Vulnerability
    IPS 5955 Office Art Drawing Records Vulnerability
  • CVE-2010-3335 – Drawing Exception Handling Vulnerability
    IPS 5956 Malicious Excel Document 7b
  • CVE-2010-3336 – MSO Large SPID Read AV Vulnerability
    IPS 5957 Malicious Word Document 5b
    IPS 5958 Malicious Excel Document 8b
  • CVE-2010-3337 – Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt

MS10-088 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)

  • CVE-2010-2572 – PowerPoint Parsing Buffer Overflow Vulnerability
    IPS 5954 Malicious PowerPoint Document 1b
  • CVE-2010-2573 – PowerPoint Integer Underflow Causes Heap Corruption Vulnerability
    IPS 5945 Malicious PowerPoint Document 1b

MS10-089 Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

  • CVE-2010-2732 – UAG Redirection Spoofing Vulnerability
    Note: There is no way to differentiate malformed and legitimate traffic.
  • CVE-2010-2733 – UAG XSS Allows EOP Vulnerability
    Note: There are no known public exploits targeting this vulnerability.
  • CVE-2010-2734 – XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability
    Note: There are no known public exploits targeting this vulnerability.
  • CVE-2010-3936 – XSS in Signurl.asp Vulnerability
    Note: There are no known public exploits targeting this vulnerability.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Unpatched PHP Deserialization Vulnerability in Artica Proxy
Cyber Security News & Trends – 05-03-19
Apache QPid Denial Of Service Vulnerability (April 10, 2015)
New Variant: PcShare Trojan, With [ups2 version 1.0.2] Server, Dec. 2018
Flash ads hijack cliboard (Aug 21, 2008)
Opera Browser Content Length Buffer Overflow (Mar 18, 2010)
Drupal CMS Modules Vulnerabilities Leads to Remote Code Execution
Critical flaw in the Cisco Prime Infrastructure leads to arbitrary file Upload and command execution