Microsoft Security Bulletin Coverage (Mar 12, 2013)


Dell SonicWALL has analysed and addressed Microsoft’s security advisories for the month of March, 2013. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS13-021 Cumulative Security Update for Internet Explorer (2809289)

  • CVE-2013-0087 Internet Explorer OnResize Use After Free Vulnerability
    IPS:9708 DOM Object Use-After-Free Attack 4
  • CVE-2013-0088 Internet Explorer saveHistory Use After Free Vulnerability
    IPS:9709 Windows IE saveHistory Use-After-Free
  • CVE-2013-0089 Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability
    IPS:9711 DOM Object Use-After-Free Attack 5
  • CVE-2013-0090 Internet Explorer CCaret Use After Free Vulnerability
    IPS:9712 DOM Object Use-After-Free Attack 6
  • CVE-2013-0091 Internet Explorer CElement Use After Free Vulnerability
    IPS:9715 Windows IE CElement Use-After-Free
  • CVE-2013-0092 Internet Explorer GetMarkupPtr Use After Free Vulnerability
    IPS:9716 Windows IE GetMarkupPtr Use-After-Free
  • CVE-2013-0093 Internet Explorer onBeforeCopy Use After Free Vulnerability
    IPS:9717 Windows IE onBeforeCopy Use-After-Free
  • CVE-2013-0094 Internet Explorer removeChild Use After Free Vulnerability
    IPS:9718 Windows IE removeChild Use-After-Free
  • CVE-2013-1288 Internet Explorer CTreeNode Use After Free Vulnerability
    IPS:9612 Windows IE SLayoutRun Use-After-Free (MS13-009)

MS13-022 Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)

  • CVE-2013-0074 Client Silverlight Double Dereference Vulnerability
    There are no known exploits in the wild.

MS13-023 Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution

  • CVE-2013-0079 Visio Viewer Tree Object Type Confusion Vulnerability
    IPS:9726 Malformed Visio Document 10

MS13-024 Vulnerabilities in SharePoint Could Allow Elevation of Privilege

  • CVE-2013-0080 Callback Function Vulnerability
    IPS:9722 Microsoft SharePoint XSS (MS13-024)
  • CVE-2013-0083 SharePoint XSS Vulnerability
    IPS:9723 Microsoft SharePoint XSS (MS13-024) 2
  • CVE-2013-0084 SharePoint Directory Traversal Vulnerability
    IPS:1067 HTTP Server Directory Traversal Attack 7
  • CVE-2013-0085 Buffer Overflow Vulnerability
    There are no known exploits in the wild.

MS13-025 Vulnerability in Microsoft OneNote Could Allow Information Disclosure

  • CVE-2013-0086 Buffer Size Validation Vulnerability

MS13-026 Vulnerability in Office Outlook for Mac Could Allow Information Disclosure

  • CVE-2013-0095 Unintended Content Loading Vulnerability
    There are no known exploits in the wild.

MS13-027 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege

  • CVE-2013-1285 Windows USB Descriptor Vulnerability
    Local vulnerability
  • CVE-2013-1286 Windows USB Descriptor Vulnerability
    Local vulnerability
  • CVE-2013-1287 Windows USB Descriptor Vulnerability
    Local vulnerability
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.