Posts

Microsoft Security Bulletins Coverage (Jun 15, 2011)

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-037 Vulnerability in MHTML Could Allow Information Disclosure (2544893)

  • MHTML Mime-Formatted Request Vulnerability – CVE-2011-1894
    IPS 6154 MHTML Protocol Handler XSS Attack 1
    IPS 6155 MHTML Protocol Handler XSS Attack 2
    IPS 6201 MHTML Protocol Handler XSS Attack 3

MS11-038 Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)

  • OLE Automation Underflow Vulnerability – CVE-2011-0658
    IPS 4297 Generic Client Application Shellcode Exploit 1

MS11-039 Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)

  • .NET Framework Array Offset Vulnerability – CVE-2011-0664
    This is a local vulnerability.

MS11-040 Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)

  • TMG Firewall Client Memory Corruption Vulnerability – CVE-2011-1889
    There is no feasible method of detection.

MS11-041 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)

  • Win32k OTF Validation Vulnerability – CVE-2011-1873
    There is no feasible method of detection.

MS11-042 Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)

  • DFS Memory Corruption Vulnerability – CVE-2011-1868
    IPS 6714 Suspicious CIFS Traffic 7
  • DFS Referral Response Vulnerability – CVE-2011-1869
    There is no feasible method of detection.

MS11-043 Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)

  • SMB Response Parsing Vulnerability – CVE-2011-1268
    IPS 6713 Suspicious CIFS Traffic 6

MS11-044 Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)

  • .NET Framework JIT Optimization Vulnerability – CVE-2011-1271
    There is no feasible method of detection.

MS11-045 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)

  • Excel Insufficient Record Validation Vulnerability – CVE-2011-1272
    IPS 6707 Malicious Excel Document 11b
  • Excel Improper Record Parsing Vulnerability – CVE-2011-1273
    IPS 6708 Malicious Excel Document 12b
  • Excel Out of Bounds Array Access Vulnerability – CVE-2011-1274
    IPS 6709 Malicious Excel Document 13b
  • Excel Memory Heap Overwrite Vulnerability – CVE-2011-1275
    IPS 6710 Malicious Excel Document 14b
  • Excel Buffer Overrun Vulnerability – CVE-2011-1276
    IPS 6718 Malicious Excel Document 16b
  • Excel Memory Corruption Vulnerability – CVE-2011-1277
    IPS 6719 Malicious Excel Document 17b
  • Excel WriteAV Vulnerability – CVE-2011-1278
    IPS 6721 Malicious Excel Document 18b
  • Excel Out of Bounds WriteAV Vulnerability – CVE-2011-1279
    IPS 6715 Malicious Excel Document 15b

MS11-046 Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)

  • Ancillary Function Driver Elevation of Privilege Vulnerability – CVE-2011-1249
    This is a local vulnerability.

MS11-047 Vulnerability in Hyper-V Could Allow Denial of Service (2525835)

  • VMBus Persistent DoS Vulnerability – CVE-2011-1872
    This is a local vulnerability.

MS11-048 Vulnerability in SMB Server Could Allow Denial of Service (2536275)

  • SMB Request Parsing Vulnerability – CVE-2011-1267
    IPS 6712 Suspicious CIFS Traffic 5

MS11-049 Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)

  • XML External Entities Resolution Vulnerability – CVE-2011-1280
    There is no feasible method of detection.

MS11-050 Cumulative Security Update for Internet Explorer (2530548)

  • MIME Sniffing Information Disclosure Vulnerability – CVE-2011-1246
    There is no feasible method of detection.
  • Link Properties Handling Memory Corruption Vulnerability – CVE-2011-1250
    There is no feasible method of detect
    ion.
  • DOM Manipulation Memory Corruption Vulnerability – CVE-2011-1251
    IPS 6723 MS IE DOM Manipulation Memory Corruption Attack
  • toStaticHTML Information Disclosure Vulnerability – CVE-2011-1252
    There is no feasible method of detection.
  • Drag and Drop Memory Corruption Vulnerability – CVE-2011-1254
    IPS 6722 MS IE Drag and Drop Memory Corruption Attack
  • Time Element Memory Corruption Vulnerability – CVE-2011-1255
    There is no feasible method of detection.
  • DOM Modification Memory Corruption Vulnerability – CVE-2011-1256
    There is no feasible method of detection.
  • Drag and Drop Information Disclosure Vulnerability – CVE-2011-1258
    There is no feasible method of detection.
  • Layout Memory Corruption Vulnerability – CVE-2011-1260
    IPS 6148 Suspicious HTML BDO Tag
  • Selection Object Memory Corruption Vulnerability – CVE-2011-1261
    IPS 6717 MS IE Selection Object Memory Corruption Attack
  • HTTP Redirect Memory Corruption Vulnerability – CVE-2011-1262
    IPS 6716 MS IE HTTP Redirect Memory Corruption Attack

MS11-051 Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

  • Active Directory Certificate Services Vulnerability – CVE-2011-1264
    IPS 1369 Generic Cross-Site Scripting (XSS) Attempt 1
    IPS 3700 Generic Cross-Site Scripting (XSS) Attempt 3
    IPS 4948 Generic Cross-Site Scripting (XSS) Attempt 4
    IPS 1380 Generic Cross-Site Scripting (XSS) Attempt 5
    IPS 1381 Generic Cross-Site Scripting (XSS) Attempt 6

MS11-052 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

  • VML Memory Corruption Vulnerability – CVE-2011-1266
    IPS 6711 MS VML Memory Corruption PoC