SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of April, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-018 Cumulative Security Update for Internet Explorer (2497640)

• CVE-2011-0094 – Layouts Handling Memory Corruption Vulnerability
  IPS 6432 MS IE Memory Corruption Vulnerability
• CVE-2011-0346 – MSHTML Memory Corruption Vulnerability
  There is no feasable method of detection.
• CVE-2011-1245 – Javascript Information Disclosure Vulnerability
  IPS 6435 MS IE Javascript Information Disclosure Vulnerability
• CVE-2011-1345 – Object Management Memory Corruption Vulnerability
  IPS 6427 MS IE Double Release Object Vulnerability
  IPS 6428 MS IE Double Release Object Vulnerability 2
  GAV IExploit.A6428

MS11-019 Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)

• CVE-2011-0654 – Browser Pool Corruption Vulnerability
  IPS 6248 Generic Netbios Shellcode Exploit
• CVE-2011-0660 – SMB Client Response Parsing Vulnerability
  IPS 6436 SMB Client Response Parsing Vulnerability Exploit

MS11-020 Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)

• CVE-2011-0661 – SMB Transaction Parsing Vulnerability
  There is no feasable method of detection.

MS11-021 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)

• CVE-2011-0097 – Excel Integer Overrun Vulnerability
  GAV MS.Xsl.E
• CVE-2011-0098 – Excel Heap Overflow Vulnerability
  GAV MS.Xsl.E_2
• CVE-2011-0101 – Excel Record Parsing WriteAV Vulnerability
  GAV MS.Xsl.E_3
• CVE-2011-0103 – Excel Memory Corruption Vulnerability
  GAV MS.Xsl.E_5
• CVE-2011-0104 – Excel Buffer Overwrite Vulnerability
  GAV Hlink.BO.A
  GAV Hlink.BO.B
• CVE-2011-0105 – Excel Data Initialization Vulnerability
  GAV MS.Xsl.E_6
• CVE-2011-0978 – Excel Array Indexing Vulnerability
  GAV MS.Xsl.E_7
• CVE-2011-0979 – Excel Linked List Corruption Vulnerability
  GAV MS.Xsl.E_8
• CVE-2011-0980 – Excel Dangling Pointer Vulnerability
  GAV MS.Xsl.E_4

MS11-022 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)

• CVE-2011-0685 – Floating Point Techno-color Time Bandit RCE Vulnerability
  GAV MS.Ppt.E
• CVE-2011-0656 – Persist Directory RCE Vulnerability
  GAV MS.Ppt.E_2
• CVE-2011-0976 – OfficeArt Atom RCE Vulnerability
  GAV MS.Ppt.E_3

MS11-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)

• CVE-2011-0107 – Office Component Insecure Library Loading Vulnerability
  IPS 5726 Possible Binary Planting Attempt
• CVE-2011-0977 – Microsoft Office Graphic Object Dereferencing Vulnerability
  GAV MS.Xsl.E_9

MS11-024 Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)

• CVE-2010-3974 – Fax Cover Page Editor Memory Corruption Vulnerability
  GAV MS.cov.E

MS11-025 Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)

• CVE-2010-3190 – MFC Insecure Library Loading Vulnerability
  IPS 5726 Possible Binary Planting Attempt

MS11-026 Vulnerability in MHTML Could Allow Information Disclosure (2503658)

• CVE-2011-0096 – MHTML Mime-Formatted Request Vulnerability
  IPS 6205 MHTML Protocol Handler XSS Attack Attempt 4

MS11-027 Cumulative Security Update of ActiveX Kill Bits (2508272)

• CVE-2010-0811 – Microsoft Internet Explorer 8 Developer Tools Vulnerability
  IPS 6437 MS Windows IE8 Developer Tools ActiveX Invocation Attempt
• CVE-2010-3973 – Microsoft WMITools ActiveX Control Vulnerability
  IPS 6434 MS Windows WMITools ActiveX Control Invocation Attempt
• CVE-2011-1243 – Microsoft Windows Messenger ActiveX Control Vulnerability
  IPS 6433 MS Windows Live Messenger ActiveX invocation attempt

MS11-028 Vulnera
bility in .NET Framework Could Allow Remote Code Execution (2484015)

• CVE-2010-3958 – NET Framework Stack Corruption Vulnerability
  This is a local vulnerability.

MS11-029 Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)

• CVE-2011-0041 – GDI+ Integer Overflow Vulnerability
  GAV ms11-029.ms

MS11-030 Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)

• CVE-2011-0657 – DNS Query Vulnerability
  There is no feasable method of detection.

MS11-031 Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)

• CVE-2011-0663 – Scripting Memory Reallocation Vulnerability
  There is no feasable method of detection.

MS11-032 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)

• CVE-2011-0034 – OpenType Font Stack Overflow Vulnerability
  IPS 6438 MS OpenType Font Stack Overflow Exploit

MS11-033 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)

• CVE-2011-0028 – WordPad Converter Parsing Vulnerability
  GAV ms11-033.ms.ttextflow
  GAV ms11-033.ms.tsplit

MS11-034 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)

• CVE-2011-0662 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-0665 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-0666 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-0667 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-0670 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-0671 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-0672 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-0673 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-0674 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-0675 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-0676 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-0677 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-1225 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-1226 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-1227 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-1228 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-1229 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-1230 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-1231 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-1232 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-1233 – Win32k Null Pointer De-reference Vulnerability
  Local authenticated vulnerability
• CVE-2011-1234 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-1235 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-1236 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-1237 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-1238 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-1239 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-1240 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-1241 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability
• CVE-2011-1242 – Win32k Use After Free Vulnerability
  Local authenticated vulnerability