Microsoft Security Bulletin Coverage (April 10, 2012)
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of April, 2012. The summary from the vendor can be found at here. A list of issues reported, along with SonicWALL coverage information follows:
MS12-023 Cumulative Security Update for Internet Explorer (2675157)
- CVE-2012-0168 Print Feature Remote Code Execution Vulnerability
No public information is available. - CVE-2012-0169 JScript9 Remote Code Execution Vulnerability
Race condition, not detetable on the wire. - CVE-2012-0170 OnReadyStateChange Remote Code Execution Vulnerability
IPS: 7694 - CVE-2012-0171 SelectAll Remote Code Execution Vulnerability
IPS: 7695 - CVE-2012-0172 VML Style Remote Code Execution Vulnerability
IPS: 7696
MS12-024 Vulnerability in Windows Could Allow Remote Code Execution (2653956)
- CVE-2012-0151 WinVerifyTrust Signature Validation Vulnerability
SPY: 3583
MS12-025 Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)
- CVE-2012-0163 .NET Framework Parameter Validation Vulnerability
SPY: 3584
- CVE-2012-0146 UAG Blind HTTP Redirect Vulnerability
No public information is available. - CVE-2012-0147 Unfiltered Access to UAG Default Website Vulnerability
Cannot distinguish between normal and attack traffic.
MS12-027 Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
- CVE-2012-0158 MSCOMCTL.OCX RCE Vulnerability
SPY: 3585
MS12-028 Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185)
- CVE-2012-0177 Office WPS Converter Heap Overflow Vulnerability
SPY: 3582