Microsoft Security Bulletins Coverage (Jun 15, 2011)
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June, 2011. A list of issues reported, along with SonicWALL coverage information follows:
MS11-037 Vulnerability in MHTML Could Allow Information Disclosure (2544893)- MHTML Mime-Formatted Request Vulnerability – CVE-2011-1894
IPS 6154 MHTML Protocol Handler XSS Attack 1
IPS 6155 MHTML Protocol Handler XSS Attack 2
IPS 6201 MHTML Protocol Handler XSS Attack 3
MS11-038 Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
- OLE Automation Underflow Vulnerability – CVE-2011-0658
IPS 4297 Generic Client Application Shellcode Exploit 1
- .NET Framework Array Offset Vulnerability – CVE-2011-0664
This is a local vulnerability.
- TMG Firewall Client Memory Corruption Vulnerability – CVE-2011-1889
There is no feasible method of detection.
MS11-041 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
- Win32k OTF Validation Vulnerability – CVE-2011-1873
There is no feasible method of detection.
MS11-042 Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
- DFS Memory Corruption Vulnerability – CVE-2011-1868
IPS 6714 Suspicious CIFS Traffic 7 - DFS Referral Response Vulnerability – CVE-2011-1869
There is no feasible method of detection.
MS11-043 Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
- SMB Response Parsing Vulnerability – CVE-2011-1268
IPS 6713 Suspicious CIFS Traffic 6
MS11-044 Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
- .NET Framework JIT Optimization Vulnerability – CVE-2011-1271
There is no feasible method of detection.
MS11-045 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
- Excel Insufficient Record Validation Vulnerability – CVE-2011-1272
IPS 6707 Malicious Excel Document 11b - Excel Improper Record Parsing Vulnerability – CVE-2011-1273
IPS 6708 Malicious Excel Document 12b - Excel Out of Bounds Array Access Vulnerability – CVE-2011-1274
IPS 6709 Malicious Excel Document 13b - Excel Memory Heap Overwrite Vulnerability – CVE-2011-1275
IPS 6710 Malicious Excel Document 14b - Excel Buffer Overrun Vulnerability – CVE-2011-1276
IPS 6718 Malicious Excel Document 16b - Excel Memory Corruption Vulnerability – CVE-2011-1277
IPS 6719 Malicious Excel Document 17b - Excel WriteAV Vulnerability – CVE-2011-1278
IPS 6721 Malicious Excel Document 18b - Excel Out of Bounds WriteAV Vulnerability – CVE-2011-1279
IPS 6715 Malicious Excel Document 15b
MS11-046 Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
- Ancillary Function Driver Elevation of Privilege Vulnerability – CVE-2011-1249
This is a local vulnerability.
MS11-047 Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
- VMBus Persistent DoS Vulnerability – CVE-2011-1872
This is a local vulnerability.
MS11-048 Vulnerability in SMB Server Could Allow Denial of Service (2536275)
- SMB Request Parsing Vulnerability – CVE-2011-1267
IPS 6712 Suspicious CIFS Traffic 5
MS11-049 Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
- XML External Entities Resolution Vulnerability – CVE-2011-1280
There is no feasible method of detection.
MS11-050 Cumulative Security Update for Internet Explorer (2530548)
- MIME Sniffing Information Disclosure Vulnerability – CVE-2011-1246
There is no feasible method of detection. - Link Properties Handling Memory Corruption Vulnerability – CVE-2011-1250
There is no feasible method of detect
ion. - DOM Manipulation Memory Corruption Vulnerability – CVE-2011-1251
IPS 6723 MS IE DOM Manipulation Memory Corruption Attack - toStaticHTML Information Disclosure Vulnerability – CVE-2011-1252
There is no feasible method of detection. - Drag and Drop Memory Corruption Vulnerability – CVE-2011-1254
IPS 6722 MS IE Drag and Drop Memory Corruption Attack - Time Element Memory Corruption Vulnerability – CVE-2011-1255
There is no feasible method of detection. - DOM Modification Memory Corruption Vulnerability – CVE-2011-1256
There is no feasible method of detection. - Drag and Drop Information Disclosure Vulnerability – CVE-2011-1258
There is no feasible method of detection. - Layout Memory Corruption Vulnerability – CVE-2011-1260
IPS 6148 Suspicious HTML BDO Tag - Selection Object Memory Corruption Vulnerability – CVE-2011-1261
IPS 6717 MS IE Selection Object Memory Corruption Attack - HTTP Redirect Memory Corruption Vulnerability – CVE-2011-1262
IPS 6716 MS IE HTTP Redirect Memory Corruption Attack
- Active Directory Certificate Services Vulnerability – CVE-2011-1264
IPS 1369 Generic Cross-Site Scripting (XSS) Attempt 1
IPS 3700 Generic Cross-Site Scripting (XSS) Attempt 3
IPS 4948 Generic Cross-Site Scripting (XSS) Attempt 4
IPS 1380 Generic Cross-Site Scripting (XSS) Attempt 5
IPS 1381 Generic Cross-Site Scripting (XSS) Attempt 6
MS11-052 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
- VML Memory Corruption Vulnerability – CVE-2011-1266
IPS 6711 MS VML Memory Corruption PoC
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
