Microsoft Security Bulletin Coverage (May 14, 2013)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of May, 2013. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS13-037 Cumulative Security Update for Internet Explorer (2829530)

• CVE-2013-2551 Internet Explorer Use After Free Vulnerability
  IPS: 9897 “Windows IE VML shape object Memory Corruption”
• CVE-2013-1313 Internet Explorer Use After Free Vulnerability
  IPS: 9601 “Windows OLE Automation Remote Code Execution 2 (MS13-020)”
  IPS: 9635 “Windows OLE Automation Remote Code Execution 3 (MS13-020)”
  IPS: 9636 “Windows OLE Automation Remote Code Execution 4 (MS13-020)”
• CVE-2013-1312 Internet Explorer Use After Free Vulnerability
  IPS: 9899 “Windows IE DOM Object Use-After-Free 5”
• CVE-2013-1311 Internet Explorer Use After Free Vulnerability
  IPS: 9896 “Windows IE DOM Object Use-After-Free 4”
• CVE-2013-1310 Internet Explorer Use After Free Vulnerability
  IPS: 9895 “Windows IE DOM Object Use-After-Free 3”
• CVE-2013-1309 Internet Explorer Use After Free Vulnerability
  IPS: 9894 “Windows IE CDispNode Use-After-Free”
• CVE-2013-1308 Internet Explorer Use After Free Vulnerability
  IPS: 9609 “DOM Object Use-After-Free Attack 3”
• CVE-2013-1307 Internet Explorer Use After Free Vulnerability
  IPS: 7454 “HTTP Client Shellcode Exploit 35a”
• CVE-2013-1306 Internet Explorer Use After Free Vulnerability
  IPS: 9900 “Windows IE DOM Object Use-After-Free 6”
• CVE-2013-1297 JSON Array Information Disclosure Vulnerability
  IPS: 9891 “Windows IE JSON Information Disclosure”
• CVE-2013-0811 Internet Explorer Use After Free Vulnerability
  Not feasible to detect the vulnerability.

MS13-038 Security Update for Internet Explorer (2847204)

• CVE-2013-1347 Security Update for Internet Explorer
  IPS: 9470 “DOM Object Use-After-Free Attack 2”
  IPS: 9871 “Obfuscated HTML Code 3a”
  IPS: 9872 “Windows IE DOM Object Use-After-Free 1”
  IPS: 9873 “Windows IE DOM Object Use-After-Free 2”

MS13-039 Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)

• CVE-2013-1305 HTTP.sys Denial of Service Vulnerability
  IPS: 9893 “Suspicious HTTP Accept-Encoding Header 1”

MS13-040 Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)

• CVE-2013-1337 Authentication Bypass Vulnerability
  Cannot distinguish between normal and attack traffic.
• CVE-2013-1336 XML Digital Signature Spoofing Vulnerability
  Cannot distinguish between normal and attack traffic.

MS13-041 Vulnerability in Lync Could Allow Remote Code Execution (2834695)

• CVE-2013-1302 Lync RCE Vulnerability
  There are no known exploits in the wild.

MS13-42 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)

• CVE-2013-1329 Publisher Buffer Underflow Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1328 Publisher Pointer Handling Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1327 Publisher Signed Integer Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1323 Publisher Incorrect NULL Value Handling Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1322 Publisher Invalid Range Check Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1321 Publisher Return Value Validation Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1320 Publisher Buffer Overflow Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1319 Publisher Return Value Handling Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1318 Publisher Corrupt Interface Pointer Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1317 Publisher Integer Overflow Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1316 Publisher Negative Value Allocation Vulnerability
  There are no known exploits in the wild.

MS13-043 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)

• CVE-2013-1335 Word Shape Corruption Vulnerability
  There are no known exploits in the wild.

MS13-044 Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)

• CVE-2013-1301 XML External Entities Resolution Vulnerability
  IPS: 9892 “Microsoft Visio Information Disclosure”

MS13-045 Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)

• CVE-2013-0096 Windows Essentials Improper URI Handling Vulnerability
  There are no known exploits in the wild.

MS13-046 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)

• CVE-2013-1334 Win32k Window Handle Vulnerability
  It’s elevation of privilege, not feasible to detect.
• CVE-2013-1333 Win32k Buffer Overflow Vulnerability
  It’s elevation of privilege, not feasible to detect.
• CVE-2013-1332 DirectX Graphics Kernel Subsystem Double Fetch Vulnerability
  It’s elevation of privilege, not feasible to detect.

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.