Posts

Microsoft Security Bulletins Coverage (Sept 13, 2011)

/in /by

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of September, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

  • CVE-2011-1984 WINS Local Elevation of Privilege Vulnerability
    Local vulnerability.

MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)

  • CVE-2011-1991 Windows Components Insecure Library Loading Vulnerability
    IPS: 5726 – Possible Binary Planting Attempt

MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

  • CVE-2011-1986 Excel Use after Free WriteAV Vulnerability
    GAV: Malformed.xls.MP.2
  • CVE-2011-1987 Excel Out of Bounds Array Indexing Vulnerability
    GAV: Malformed.xls.MP.3
  • CVE-2011-1988 Excel Heap Corruption Vulnerability
    GAV: Malformed.xls.MP.4, Malformed.xls.MP.5, Malformed.xls.MP.6
  • CVE-2011-1989 Excel Conditional Expression Parsing Vulnerability
    GAV: Malformed.xls.MP.7
  • CVE-2011-1990 Excel Out of Bounds Array Indexing Vulnerability
    GAV: Malformed.xls.MP.8

MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

  • CVE-2011-1980 Office Component Insecure Library Loading Vulnerability
    IPS: 5726 Possible Binary Planting Attempt
  • CVE-2011-1982 Office Uninitialized Object Pointer Vulnerability
    GAV: Malformed.doc.MP.3

MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

  • CVE-2011-0653 XSS in SharePoint Calendar Vulnerability
    IPS: 6753 – Generic Cross-Site Scripting (XSS) Attempt 8
  • CVE-2011-1252 HTML Sanitization Vulnerability
    IPS: 6797 MS IE toStaticHTML XSS 3
  • CVE-2011-1890 Editform Script Injection Vulnerability
    IPS: 1868 Generic Cross-Site Scripting (XSS) Attempt 21
  • CVE-2011-1891 Contact Details Reflected XSS Vulnerability
    IPS: 1849 Generic Cross-Site Scripting (XSS) Attempt 20
  • CVE-2011-1892 SharePoint Remote File Disclosure Vulnerability
    IPS: 1856 SharePoint Remote File Disclosure
  • CVE-2011-1893 SharePoint XSS Vulnerability
    IPS: 1369 Generic Cross-Site Scripting (XSS) Attempt 1, 6752 Generic Cross-Site Scripting (XSS) Attempt 7

Microsoft Security Bulletins Coverage (Jun 15, 2011)

/in /by

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-037 Vulnerability in MHTML Could Allow Information Disclosure (2544893)

  • MHTML Mime-Formatted Request Vulnerability – CVE-2011-1894
    IPS 6154 MHTML Protocol Handler XSS Attack 1
    IPS 6155 MHTML Protocol Handler XSS Attack 2
    IPS 6201 MHTML Protocol Handler XSS Attack 3

MS11-038 Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)

  • OLE Automation Underflow Vulnerability – CVE-2011-0658
    IPS 4297 Generic Client Application Shellcode Exploit 1

MS11-039 Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)

  • .NET Framework Array Offset Vulnerability – CVE-2011-0664
    This is a local vulnerability.

MS11-040 Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)

  • TMG Firewall Client Memory Corruption Vulnerability – CVE-2011-1889
    There is no feasible method of detection.

MS11-041 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)

  • Win32k OTF Validation Vulnerability – CVE-2011-1873
    There is no feasible method of detection.

MS11-042 Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)

  • DFS Memory Corruption Vulnerability – CVE-2011-1868
    IPS 6714 Suspicious CIFS Traffic 7

  • DFS Referral Response Vulnerability – CVE-2011-1869
    There is no feasible method of detection.

MS11-043 Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)

  • SMB Response Parsing Vulnerability – CVE-2011-1268
    IPS 6713 Suspicious CIFS Traffic 6

MS11-044 Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)

  • .NET Framework JIT Optimization Vulnerability – CVE-2011-1271
    There is no feasible method of detection.

MS11-045 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)

  • Excel Insufficient Record Validation Vulnerability – CVE-2011-1272
    IPS 6707 Malicious Excel Document 11b

  • Excel Improper Record Parsing Vulnerability – CVE-2011-1273
    IPS 6708 Malicious Excel Document 12b

  • Excel Out of Bounds Array Access Vulnerability – CVE-2011-1274
    IPS 6709 Malicious Excel Document 13b

  • Excel Memory Heap Overwrite Vulnerability – CVE-2011-1275
    IPS 6710 Malicious Excel Document 14b

  • Excel Buffer Overrun Vulnerability – CVE-2011-1276
    IPS 6718 Malicious Excel Document 16b

  • Excel Memory Corruption Vulnerability – CVE-2011-1277
    IPS 6719 Malicious Excel Document 17b

  • Excel WriteAV Vulnerability – CVE-2011-1278
    IPS 6721 Malicious Excel Document 18b

  • Excel Out of Bounds WriteAV Vulnerability – CVE-2011-1279
    IPS 6715 Malicious Excel Document 15b

MS11-046 Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)

  • Ancillary Function Driver Elevation of Privilege Vulnerability – CVE-2011-1249
    This is a local vulnerability.

MS11-047 Vulnerability in Hyper-V Could Allow Denial of Service (2525835)

  • VMBus Persistent DoS Vulnerability – CVE-2011-1872
    This is a local vulnerability.

MS11-048 Vulnerability in SMB Server Could Allow Denial of Service (2536275)

  • SMB Request Parsing Vulnerability – CVE-2011-1267
    IPS 6712 Suspicious CIFS Traffic 5

MS11-049 Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)

  • XML External Entities Resolution Vulnerability – CVE-2011-1280
    There is no feasible method of detection.

MS11-050 Cumulative Security Update for Internet Explorer (2530548)

  • MIME Sniffing Information Disclosure Vulnerability – CVE-2011-1246
    There is no feasible method of detection.

  • Link Properties Handling Memory Corruption Vulnerability – CVE-2011-1250
    There is no feasible method of detect
    ion.

  • DOM Manipulation Memory Corruption Vulnerability – CVE-2011-1251
    IPS 6723 MS IE DOM Manipulation Memory Corruption Attack

  • toStaticHTML Information Disclosure Vulnerability – CVE-2011-1252
    There is no feasible method of detection.

  • Drag and Drop Memory Corruption Vulnerability – CVE-2011-1254
    IPS 6722 MS IE Drag and Drop Memory Corruption Attack

  • Time Element Memory Corruption Vulnerability – CVE-2011-1255
    There is no feasible method of detection.

  • DOM Modification Memory Corruption Vulnerability – CVE-2011-1256
    There is no feasible method of detection.

  • Drag and Drop Information Disclosure Vulnerability – CVE-2011-1258
    There is no feasible method of detection.

  • Layout Memory Corruption Vulnerability – CVE-2011-1260
    IPS 6148 Suspicious HTML BDO Tag

  • Selection Object Memory Corruption Vulnerability – CVE-2011-1261
    IPS 6717 MS IE Selection Object Memory Corruption Attack

  • HTTP Redirect Memory Corruption Vulnerability – CVE-2011-1262
    IPS 6716 MS IE HTTP Redirect Memory Corruption Attack

MS11-051 Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

  • Active Directory Certificate Services Vulnerability – CVE-2011-1264
    IPS 1369 Generic Cross-Site Scripting (XSS) Attempt 1
    IPS 3700 Generic Cross-Site Scripting (XSS) Attempt 3
    IPS 4948 Generic Cross-Site Scripting (XSS) Attempt 4
    IPS 1380 Generic Cross-Site Scripting (XSS) Attempt 5
    IPS 1381 Generic Cross-Site Scripting (XSS) Attempt 6

MS11-052 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

  • VML Memory Corruption Vulnerability – CVE-2011-1266
    IPS 6711 MS VML Memory Corruption PoC