Security News

Microsoft Security Bulletin Coverage (Oct 11, 2011)

By

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of October, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-075 Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)

  • CVE-2011-1247 Active Accessibility Insecure Library Loading Vulnerability
    IPS: 5726 – Possible Binary Planting Attempt

MS11-076 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)

  • CVE-2011-2009 Media Center Insecure Library Loading Vulnerability
    IPS: 5726 – Possible Binary Planting Attempt

MS11-077 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)

  • CVE-2011-1985 Win32k Null Pointer De-reference Vulnerability
    This is a local vulnerability.
  • CVE-2011-2002 Win32k TrueType Font Type Translation Vulnerability
    There is no feasible method of detection.
  • CVE-2011-2003 Font Library File Buffer Overrun Vulnerability
    IPS: 2252 – Malformed OpenType Font 10b
  • CVE-2011-2011 Win32k Use After Free Vulnerability
    There is no feasible method of detection.

MS11-078 Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)

  • CVE-2011-1253 Class Inheritance Vulnerability
    GAV: MsApp.Exp.MP.1

MS11-079 Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)

  • CVE-2011-1895 ExcelTable Response Splitting XSS Vulnerability
    IPS: 2418 – ExcelTable Code Injection 1
  • CVE-2011-1896 ExcelTable Reflected XSS Vulnerability
    IPS: 2419 – ExcelTable Code Injection 2
  • CVE-2011-1897 Default Reflected XSS Vulnerability
    IPS: 2300 – Generic Cross-Site Scripting (XSS) Attempt 24
  • CVE-2011-1969 Poisoned Cup of Code Execution Vulnerability
    IPS: 2420 – Generic Java Applet Exploit 3
  • CVE-2011-2012 Null Session Cookie Crash
    IPS: 2258 – Suspicious HTTP Cookie Header 3

MS11-080 Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)

  • CVE-2011-2005 Ancillary Function Driver Elevation of Privilege Vulnerability
    This is a local vulnerability.

MS11-081 Cumulative Security Update for Internet Explorer (2586448)

  • CVE-2011-1993 Scroll Event Remote Code Execution Vulnerability
    IPS: 7029 – MS IE Scroll Event Remote Code Execution Exploit
  • CVE-2011-1995 OLEAuto32.dll Remote Code Execution Vulnerability
    IPS: 7028 – MS IE OLEAuto32.dll Remote Code Execution Exploit
  • CVE-2011-1996 Option Element Remote Code Execution Vulnerability
    IPS: 7027 – MS IE Option Element Remote Code Execution Exploit
  • CVE-2011-1997 OnLoad Event Remote Code Execution Vulnerability
    IPS: 7026 – MS IE OnLoad Event Remote Code Execution Exploit
  • CVE-2011-1998 Jscript9.dll Remote Code Execution Vulnerability
    IPS: 7025 – MS IE Jscript9.dll Remote Code Execution Exploit
  • CVE-2011-1999 Select Element Remote Code Execution Vulnerability
    IPS: 7024 – MS IE Select Element Remote Code Execution Exploit
  • CVE-2011-2000 Body Element Remote Code Execution Vulnerability
    IPS: 7022 – MS IE Body Element Remote Code Execution Exploit
  • CVE-2011-2001 Virtual Function Table Corruption Remote Code Execution Vulnerability
    IPS: 7021 – MS IE Virtual Function Table Corruption Exploit

MS11-082 Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)

  • CVE-2011-2007 Endless Loop DoS in snabase.exe Vulnerability
    IPS: 5012 – Generic UDP Shellcode Exploit 2
  • CVE-2011-2008 Access of Unallocated Memory DoS Vulnerability
    IPS: 4896 – Generic Server Application Shellcode Exploit 9
    IPS: 5512 – Generic Server Application Shellcode Exploit 28
    IPS: 6701 – MS Host Integration Server DoS
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Apple QuickTime QTPlugin Code Execution (Sept 2, 2010)
Michael Jackson Video Trojan (June 26, 2009)
Adobe Flash Player ActionScript Vulnerability (Apr 22, 2011)
Oracle Java Font Processing Vulnerability (May 31, 2013)
ECCENTRIC BANDWAGON, DPRK
JBOSS Marshalled Object Remote Code Execution Vulnerability (November 27, 2013)
Bifrose.FPB a new variant of Info-stealer Bifrose actively spreading in the wild
Noisy Spam Malware - New Cutwail Variant (Jan 16, 2014)