Microsoft Security Bulletins Coverage (Jun 15, 2011)

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June 2011. A list of the issues reported, along with SonicWALL coverage information, follows:

MS11-037 Vulnerability in MHTML Could Allow Information Disclosure (2544893)

  • MHTML Mime-Formatted Request Vulnerability – CVE-2011-1894
    IPS 6154 MHTML Protocol Handler XSS Attack 1
    IPS 6155 MHTML Protocol Handler XSS Attack 2
    IPS 6201 MHTML Protocol Handler XSS Attack 3

MS11-038 Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)

  • OLE Automation Underflow Vulnerability – CVE-2011-0658
    IPS 4297 Generic Client Application Shellcode Exploit 1

MS11-039 Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)

  • .NET Framework Array Offset Vulnerability – CVE-2011-0664
    This is a local vulnerability.

MS11-040 Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)

  • TMG Firewall Client Memory Corruption Vulnerability – CVE-2011-1889
    There is no feasible method of detection.

MS11-041 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)

  • Win32k OTF Validation Vulnerability – CVE-2011-1873
    There is no feasible method of detection.

MS11-042 Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)

  • DFS Memory Corruption Vulnerability – CVE-2011-1868
    IPS 6714 Suspicious CIFS Traffic 7
  • DFS Referral Response Vulnerability – CVE-2011-1869
    There is no feasible method of detection.

MS11-043 Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)

  • SMB Response Parsing Vulnerability – CVE-2011-1268
    IPS 6713 Suspicious CIFS Traffic 6

MS11-044 Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)

  • .NET Framework JIT Optimization Vulnerability – CVE-2011-1271
    There is no feasible method of detection.

MS11-045 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)

  • Excel Insufficient Record Validation Vulnerability – CVE-2011-1272
    IPS 6707 Malicious Excel Document 11b
  • Excel Improper Record Parsing Vulnerability – CVE-2011-1273
    IPS 6708 Malicious Excel Document 12b
  • Excel Out of Bounds Array Access Vulnerability – CVE-2011-1274
    IPS 6709 Malicious Excel Document 13b
  • Excel Memory Heap Overwrite Vulnerability – CVE-2011-1275
    IPS 6710 Malicious Excel Document 14b
  • Excel Buffer Overrun Vulnerability – CVE-2011-1276
    IPS 6718 Malicious Excel Document 16b
  • Excel Memory Corruption Vulnerability – CVE-2011-1277
    IPS 6719 Malicious Excel Document 17b
  • Excel WriteAV Vulnerability – CVE-2011-1278
    IPS 6721 Malicious Excel Document 18b
  • Excel Out of Bounds WriteAV Vulnerability – CVE-2011-1279
    IPS 6715 Malicious Excel Document 15b

MS11-046 Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)

  • Ancillary Function Driver Elevation of Privilege Vulnerability – CVE-2011-1249
    This is a local vulnerability.

MS11-047 Vulnerability in Hyper-V Could Allow Denial of Service (2525835)

  • VMBus Persistent DoS Vulnerability – CVE-2011-1872
    This is a local vulnerability.

MS11-048 Vulnerability in SMB Server Could Allow Denial of Service (2536275)

  • SMB Request Parsing Vulnerability – CVE-2011-1267
    IPS 6712 Suspicious CIFS Traffic 5

MS11-049 Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)

  • XML External Entities Resolution Vulnerability – CVE-2011-1280
    There is no feasible method of detection.

MS11-050 Cumulative Security Update for Internet Explorer (2530548)

  • MIME Sniffing Information Disclosure Vulnerability – CVE-2011-1246
    There is no feasible method of detection.
  • Link Properties Handling Memory Corruption Vulnerability – CVE-2011-1250
    There is no feasible method of detection.
  • DOM Manipulation Memory Corruption Vulnerability – CVE-2011-1251
    IPS 6723 MS IE DOM Manipulation Memory Corruption Attack
  • toStaticHTML Information Disclosure Vulnerability – CVE-2011-1252
    There is no feasible method of detection.
  • Drag and Drop Memory Corruption Vulnerability – CVE-2011-1254
    IPS 6722 MS IE Drag and Drop Memory Corruption Attack
  • Time Element Memory Corruption Vulnerability – CVE-2011-1255
    There is no feasible method of detection.
  • DOM Modification Memory Corruption Vulnerability – CVE-2011-1256
    There is no feasible method of detection.
  • Drag and Drop Information Disclosure Vulnerability – CVE-2011-1258
    There is no feasible method of detection.
  • Layout Memory Corruption Vulnerability – CVE-2011-1260
    IPS 6148 Suspicious HTML BDO Tag
  • Selection Object Memory Corruption Vulnerability – CVE-2011-1261
    IPS 6717 MS IE Selection Object Memory Corruption Attack
  • HTTP Redirect Memory Corruption Vulnerability – CVE-2011-1262
    IPS 6716 MS IE HTTP Redirect Memory Corruption Attack

MS11-051 Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

  • Active Directory Certificate Services Vulnerability – CVE-2011-1264
    IPS 1369 Generic Cross-Site Scripting (XSS) Attempt 1
    IPS 3700 Generic Cross-Site Scripting (XSS) Attempt 3
    IPS 4948 Generic Cross-Site Scripting (XSS) Attempt 4
    IPS 1380 Generic Cross-Site Scripting (XSS) Attempt 5
    IPS 1381 Generic Cross-Site Scripting (XSS) Attempt 6

MS11-052 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

  • VML Memory Corruption Vulnerability – CVE-2011-1266
    IPS 6711 MS VML Memory Corruption PoC