Posts

Microsoft Security Bulletin Coverage (April 10, 2012)

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of April, 2012. The summary from the vendor can be found at here. A list of issues reported, along with SonicWALL coverage information follows:

MS12-023 Cumulative Security Update for Internet Explorer (2675157)

  • CVE-2012-0168 Print Feature Remote Code Execution Vulnerability
    No public information is available.
  • CVE-2012-0169 JScript9 Remote Code Execution Vulnerability
    Race condition, not detetable on the wire.
  • CVE-2012-0170 OnReadyStateChange Remote Code Execution Vulnerability
    IPS: 7694
  • CVE-2012-0171 SelectAll Remote Code Execution Vulnerability
    IPS: 7695
  • CVE-2012-0172 VML Style Remote Code Execution Vulnerability
    IPS: 7696

MS12-024 Vulnerability in Windows Could Allow Remote Code Execution (2653956)

  • CVE-2012-0151 WinVerifyTrust Signature Validation Vulnerability
    SPY: 3583

MS12-025 Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)

  • CVE-2012-0163 .NET Framework Parameter Validation Vulnerability
    SPY: 3584

MS12-026 Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)

  • CVE-2012-0146 UAG Blind HTTP Redirect Vulnerability
    No public information is available.
  • CVE-2012-0147 Unfiltered Access to UAG Default Website Vulnerability
    Cannot distinguish between normal and attack traffic.

MS12-027 Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

MS12-028 Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185)

  • CVE-2012-0177 Office WPS Converter Heap Overflow Vulnerability
    SPY: 3582