Microsoft Security Bulletins Coverage (Nov 09, 2010)

SonicWALL has analyzed and addressed Microsoft’s security advisories for November 2010. A list of the issues reported, along with SonicWALL coverage information, follows:

MS10-087 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

  • CVE-2010-3333 – RTF Stack Buffer Overflow Vulnerability
    IPS 5950 Word RTF File Parsing Stack BO
  • CVE-2010-3334 – Office Art Drawing Records Vulnerability
    IPS 5955 Office Art Drawing Records Vulnerability
  • CVE-2010-3335 – Drawing Exception Handling Vulnerability
    IPS 5956 Malicious Excel Document 7b
  • CVE-2010-3336 – MSO Large SPID Read AV Vulnerability
    IPS 5957 Malicious Word Document 5b
    IPS 5958 Malicious Excel Document 8b
  • CVE-2010-3337 – Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt

MS10-088 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)

  • CVE-2010-2572 – PowerPoint Parsing Buffer Overflow Vulnerability
    IPS 5954 Malicious PowerPoint Document 1b
  • CVE-2010-2573 – PowerPoint Integer Underflow Causes Heap Corruption Vulnerability
    IPS 5945 Malicious PowerPoint Document 1b

MS10-089 Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

  • CVE-2010-2732 – UAG Redirection Spoofing Vulnerability
    Note: There is no way to differentiate malformed and legitimate traffic.
  • CVE-2010-2733 – UAG XSS Allows EOP Vulnerability
    Note: There are no known public exploits targeting this vulnerability.
  • CVE-2010-2734 – XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability
    Note: There are no known public exploits targeting this vulnerability.
  • CVE-2010-3936 – XSS in Signurl.asp Vulnerability
    Note: There are no known public exploits targeting this vulnerability.