Microsoft Security Bulletin Coverage (Dec 13, 2011)

SonicWALL has analyzed and addressed Microsoft’s security advisories for December 2011. A list of the issues reported, along with SonicWALL coverage information, follows:

MS11-087 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)

  • CVE-2011-3402 TrueType Font Parsing Vulnerability
    GAV: Malformed.ttf.MP.1

MS11-088 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)

  • CVE-2011-2010 Pinyin IME Elevation Vulnerability
    This is a local vulnerability.

MS11-089 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)

  • CVE-2011-1983 Word Use After Free Vulnerability
    GAV: Malformed.doc.MP.4

MS11-090 Cumulative Security Update of ActiveX Kill Bits (2618451)

  • CVE-2011-3397 Microsoft Time Remote Code Execution Vulnerability
    IPS: 7224 – MS IE Time Element Remote Code Execution 1
    IPS: 7225 – MS IE Time Element Remote Code Execution 2

MS11-091 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)

  • CVE-2011-1508 Publisher Function Pointer Overwrite Vulnerability
    No details available.
  • CVE-2011-3410 Publisher Out-of-bounds Array Index Vulnerability
    IPS: 7226 – Malformed Publisher Document 3b
  • CVE-2011-3411 Publisher Invalid Pointer Vulnerability
    IPS: 7227 – Malformed Publisher Document 4b
  • CVE-2011-3412 Publisher Memory Corruption Vulnerability
    IPS: 7228 – Malformed Publisher Document 5b

MS11-092 Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)

  • CVE-2011-3401 Windows Media Player DVR-MS Memory Corruption Vulnerability
    GAV: MsApp.Exp.MP.2

MS11-093 Vulnerability in OLE Could Allow Remote Code Execution (2624667)

  • CVE-2011-3400 OLE Property Vulnerability
    IPS: 7230 – Malformed Visio Document 4b

MS11-094 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)

  • CVE-2011-3396 PowerPoint Insecure Library Loading Vulnerability
    IPS: 5726 – Possible Binary Planting Attempt 1
    IPS: 1023 – Possible Binary Planting Attempt 2
    IPS: 6847 – Possible Binary Planting Attempt 3
  • CVE-2011-3413 OfficeArt Shape RCE Vulnerability
    GAV: Malformed.ppt.MP.2

MS11-095 Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)

  • CVE-2011-3396 PowerPoint Insecure Library Loading Vulnerability
    It is not possible to distinguish attack from normal traffic.

MS11-096 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)

  • CVE-2011-3403 Record Memory Corruption Vulnerability
    GAV: Malformed.xls.MP.11

MS11-097 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)

  • CVE-2011-3408 CSRSS Local Privilege Elevation Vulnerability
    This is a local vulnerability.

MS11-098 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)

  • CVE-2011-2018 Windows Kernel Exception Handler Vulnerability
    This is a local vulnerability.

MS11-099 Cumulative Security Update for Internet Explorer (2618444)

  • CVE-2011-1992 XSS Filter Information Disclosure Vulnerability
    This is a cross domain vulnerability. It is not possible to distinguish attack from normal traffic.
  • CVE-2011-2019 Internet Explorer Insecure Library Loading Vulnerability
    IPS: 5726 – Possible Binary Planting Attempt 1
    IPS: 1023 – Possible Binary Planting Attempt 2
    IPS: 6847 – Possible Binary Planting Attempt 3
  • CVE-2011-3404 Content-Disposition Information Disclosure Vulnerability
    It is not possible to distinguish attack from normal traffic.