Microsoft Security Bulletin Coverage (Oct 11, 2011)
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of October, 2011. A list of issues reported, along with SonicWALL coverage information follows:
MS11-075 Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
- CVE-2011-1247 Active Accessibility Insecure Library Loading Vulnerability
IPS: 5726 – Possible Binary Planting Attempt
MS11-076 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
- CVE-2011-2009 Media Center Insecure Library Loading Vulnerability
IPS: 5726 – Possible Binary Planting Attempt
MS11-077 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
- CVE-2011-1985 Win32k Null Pointer De-reference Vulnerability
This is a local vulnerability. - CVE-2011-2002 Win32k TrueType Font Type Translation Vulnerability
There is no feasible method of detection. - CVE-2011-2003 Font Library File Buffer Overrun Vulnerability
IPS: 2252 – Malformed OpenType Font 10b - CVE-2011-2011 Win32k Use After Free Vulnerability
There is no feasible method of detection.
- CVE-2011-1253 Class Inheritance Vulnerability
GAV: MsApp.Exp.MP.1
- CVE-2011-1895 ExcelTable Response Splitting XSS Vulnerability
IPS: 2418 – ExcelTable Code Injection 1 - CVE-2011-1896 ExcelTable Reflected XSS Vulnerability
IPS: 2419 – ExcelTable Code Injection 2 - CVE-2011-1897 Default Reflected XSS Vulnerability
IPS: 2300 – Generic Cross-Site Scripting (XSS) Attempt 24 - CVE-2011-1969 Poisoned Cup of Code Execution Vulnerability
IPS: 2420 – Generic Java Applet Exploit 3 - CVE-2011-2012 Null Session Cookie Crash
IPS: 2258 – Suspicious HTTP Cookie Header 3
MS11-080 Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
- CVE-2011-2005 Ancillary Function Driver Elevation of Privilege Vulnerability
This is a local vulnerability.
MS11-081 Cumulative Security Update for Internet Explorer (2586448)
- CVE-2011-1993 Scroll Event Remote Code Execution Vulnerability
IPS: 7029 – MS IE Scroll Event Remote Code Execution Exploit - CVE-2011-1995 OLEAuto32.dll Remote Code Execution Vulnerability
IPS: 7028 – MS IE OLEAuto32.dll Remote Code Execution Exploit - CVE-2011-1996 Option Element Remote Code Execution Vulnerability
IPS: 7027 – MS IE Option Element Remote Code Execution Exploit - CVE-2011-1997 OnLoad Event Remote Code Execution Vulnerability
IPS: 7026 – MS IE OnLoad Event Remote Code Execution Exploit - CVE-2011-1998 Jscript9.dll Remote Code Execution Vulnerability
IPS: 7025 – MS IE Jscript9.dll Remote Code Execution Exploit - CVE-2011-1999 Select Element Remote Code Execution Vulnerability
IPS: 7024 – MS IE Select Element Remote Code Execution Exploit - CVE-2011-2000 Body Element Remote Code Execution Vulnerability
IPS: 7022 – MS IE Body Element Remote Code Execution Exploit - CVE-2011-2001 Virtual Function Table Corruption Remote Code Execution Vulnerability
IPS: 7021 – MS IE Virtual Function Table Corruption Exploit
MS11-082 Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
- CVE-2011-2007 Endless Loop DoS in snabase.exe Vulnerability
IPS: 5012 – Generic UDP Shellcode Exploit 2 - CVE-2011-2008 Access of Unallocated Memory DoS Vulnerability
IPS: 4896 – Generic Server Application Shellcode Exploit 9
IPS: 5512 – Generic Server Application Shellcode Exploit 28
IPS: 6701 – MS Host Integration Server DoS