Microsoft Security Bulletins Coverage (April 12, 2011)

By

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of April, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-018 Cumulative Security Update for Internet Explorer (2497640)

  • CVE-2011-0094 – Layouts Handling Memory Corruption Vulnerability
    IPS 6432 MS IE Memory Corruption Vulnerability
  • CVE-2011-0346 – MSHTML Memory Corruption Vulnerability
    There is no feasable method of detection.
  • CVE-2011-1245 – Javascript Information Disclosure Vulnerability
    IPS 6435 MS IE Javascript Information Disclosure Vulnerability
  • CVE-2011-1345 – Object Management Memory Corruption Vulnerability
    IPS 6427 MS IE Double Release Object Vulnerability
    IPS 6428 MS IE Double Release Object Vulnerability 2
    GAV IExploit.A6428

MS11-019 Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)

  • CVE-2011-0654 – Browser Pool Corruption Vulnerability
    IPS 6248 Generic Netbios Shellcode Exploit
  • CVE-2011-0660 – SMB Client Response Parsing Vulnerability
    IPS 6436 SMB Client Response Parsing Vulnerability Exploit

MS11-020 Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)

  • CVE-2011-0661 – SMB Transaction Parsing Vulnerability
    There is no feasable method of detection.

MS11-021 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)

  • CVE-2011-0097 – Excel Integer Overrun Vulnerability
    GAV MS.Xsl.E
  • CVE-2011-0098 – Excel Heap Overflow Vulnerability
    GAV MS.Xsl.E_2
  • CVE-2011-0101 – Excel Record Parsing WriteAV Vulnerability
    GAV MS.Xsl.E_3
  • CVE-2011-0103 – Excel Memory Corruption Vulnerability
    GAV MS.Xsl.E_5
  • CVE-2011-0104 – Excel Buffer Overwrite Vulnerability
    GAV Hlink.BO.A
    GAV Hlink.BO.B
  • CVE-2011-0105 – Excel Data Initialization Vulnerability
    GAV MS.Xsl.E_6
  • CVE-2011-0978 – Excel Array Indexing Vulnerability
    GAV MS.Xsl.E_7
  • CVE-2011-0979 – Excel Linked List Corruption Vulnerability
    GAV MS.Xsl.E_8
  • CVE-2011-0980 – Excel Dangling Pointer Vulnerability
    GAV MS.Xsl.E_4

MS11-022 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)

  • CVE-2011-0685 – Floating Point Techno-color Time Bandit RCE Vulnerability
    GAV MS.Ppt.E
  • CVE-2011-0656 – Persist Directory RCE Vulnerability
    GAV MS.Ppt.E_2
  • CVE-2011-0976 – OfficeArt Atom RCE Vulnerability
    GAV MS.Ppt.E_3

MS11-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)

  • CVE-2011-0107 – Office Component Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt
  • CVE-2011-0977 – Microsoft Office Graphic Object Dereferencing Vulnerability
    GAV MS.Xsl.E_9

MS11-024 Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)

  • CVE-2010-3974 – Fax Cover Page Editor Memory Corruption Vulnerability
    GAV MS.cov.E

MS11-025 Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)

  • CVE-2010-3190 – MFC Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt

MS11-026 Vulnerability in MHTML Could Allow Information Disclosure (2503658)

  • CVE-2011-0096 – MHTML Mime-Formatted Request Vulnerability
    IPS 6205 MHTML Protocol Handler XSS Attack Attempt 4

MS11-027 Cumulative Security Update of ActiveX Kill Bits (2508272)

  • CVE-2010-0811 – Microsoft Internet Explorer 8 Developer Tools Vulnerability
    IPS 6437 MS Windows IE8 Developer Tools ActiveX Invocation Attempt
  • CVE-2010-3973 – Microsoft WMITools ActiveX Control Vulnerability
    IPS 6434 MS Windows WMITools ActiveX Control Invocation Attempt
  • CVE-2011-1243 – Microsoft Windows Messenger ActiveX Control Vulnerability
    IPS 6433 MS Windows Live Messenger ActiveX invocation attempt

MS11-028 Vulnera
bility in .NET Framework Could Allow Remote Code Execution (2484015)

  • CVE-2010-3958 – NET Framework Stack Corruption Vulnerability
    This is a local vulnerability.

MS11-029 Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)

  • CVE-2011-0041 – GDI+ Integer Overflow Vulnerability
    GAV ms11-029.ms

MS11-030 Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)

  • CVE-2011-0657 – DNS Query Vulnerability
    There is no feasable method of detection.

MS11-031 Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)

  • CVE-2011-0663 – Scripting Memory Reallocation Vulnerability
    There is no feasable method of detection.

MS11-032 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)

  • CVE-2011-0034 – OpenType Font Stack Overflow Vulnerability
    IPS 6438 MS OpenType Font Stack Overflow Exploit

MS11-033 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)

  • CVE-2011-0028 – WordPad Converter Parsing Vulnerability
    GAV ms11-033.ms.ttextflow
    GAV ms11-033.ms.tsplit

MS11-034 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)

  • CVE-2011-0662 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0665 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0666 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0667 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0670 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0671 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0672 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0673 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0674 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0675 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0676 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0677 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1225 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1226 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1227 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1228 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1229 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1230 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1231 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1232 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1233 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1234 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1235 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1236 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1237 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1238 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1239 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1240 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1241 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1242 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.