Microsoft Security Bulletin Coverage (Jun 12, 2012)
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June 2012. A list of the issues reported, along with SonicWALL coverage information, follows:
MS12-036 Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
- CVE-2012-0173 Remote Desktop Protocol Vulnerability
There is no feasible method of detection at gateway level.
MS12-037 Cumulative Security Update for Internet Explorer (2699988)
- CVE-2012-1523 Center Element Remote Code Execution Vulnerability
IPS: 7959 – Microsoft IE Center Element Exploit
- CVE-2012-1858 HTML Sanitization Vulnerability
IPS: 7960 – Cross-Site Scripting (XSS) Attempt 32
- CVE-2012-1872 EUC-JP Character Encoding Vulnerability
There is no feasible method of detection.
- CVE-2012-1873 Null Byte Information Disclosure Vulnerability
IPS: 7961 – Microsoft IE Null Byte Information Disclosure Exploit
- CVE-2012-1874 Developer Toolbar Remote Code Execution Vulnerability
IPS: 7962 – Microsoft IE Developer Toolbar Memory Corruption
- CVE-2012-1875 Same ID Property Remote Code Execution Vulnerability
IPS: 7963 – Microsoft IE Same ID Property Exploit
- CVE-2012-1876 Col Element Remote Code Execution Vulnerability
IPS: 7454 – HTTP Client Shellcode Exploit 35a
- CVE-2012-1877 Title Element Change Remote Code Execution Vulnerability
GAV: 20231 – Malformed-File html.MP.5
- CVE-2012-1878 OnBeforeDeactivate Event Remote Code Execution Vulnerability
GAV: 20228 – Malformed-File html.MP.4
- CVE-2012-1879 insertAdjacentText Remote Code Execution Vulnerability
IPS: 4665 – HTTP Client Shellcode Exploit 13a
- CVE-2012-1880 insertRow Remote Code Execution Vulnerability
GAV: 20227 – Malformed-File html.MP.3
- CVE-2012-1881 OnRowsInserted Event Remote Code Execution Vulnerability
GAV: 20225 – Malformed-File html.MP.2
- CVE-2012-1882 Scrolling Events Information Disclosure Vulnerability
There is no feasible method of detection.
MS12-038 Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
- CVE-2012-1855 .NET Framework Memory Access Vulnerability
IPS: 7964 – Malformed ZIP File 12
MS12-039 Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
- CVE-2011-3402 TrueType Font Parsing Vulnerability
GAV: 19421 – Malformed.ttf.MP.1
- CVE-2012-0159 TrueType Font Parsing Vulnerability
GAV: 18601 – Malformed-File ttf.MP.2
- CVE-2012-1849 Lync Insecure Library Loading Vulnerability
IPS: 1023 – Binary Planting Attempt 1
IPS: 5726 – Binary Planting Attempt 2
IPS: 6847 – Binary Planting Attempt 3
- CVE-2012-1858 HTML Sanitization Vulnerability
IPS: 7960 – Cross-Site Scripting (XSS) Attempt 32
- CVE-2012-1857 Dynamics AX Enterprise Portal XSS Vulnerability
IPS: 1369 – Cross-Site Scripting (XSS) Attempt 1
MS12-041 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
- CVE-2012-1864 String Atom Class Name Handling Vulnerability
This is a local elevation of privilege vulnerability.
- CVE-2012-1865 String Atom Class Name Handling Vulnerability
This is a local elevation of privilege vulnerability.
- CVE-2012-1866 Clipboard Format Atom Name Handling Vulnerability
This is a local elevation of privilege vulnerability.
- CVE-2012-1867 Font Resource Refcount Integer Overflow Vulnerability
This is a local elevation of privilege vulnerability.
- CVE-2012-1868 Win32k.sys Race Condition Vulnerability
This is a local elevation of privilege vulnerability.
MS12-042 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
- CVE-2012-0217 User Mode Scheduler Memory Corruption Vulnerability
This is a local elevation of privilege vulnerability.
- CVE-2012-1515 BIOS ROM Corruption Vulnerability
This is a local elevation of privilege vulnerability.
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2719615)
- CVE-2012-1889 MSXML Uninitialized Memory Corruption Vulnerability
IPS: 7967 – ACTIVEX Suspicious ActiveX Method 7
IPS: 7968 – ACTIVEX Suspicious ActiveX Method 8
IPS: 7969 – ACTIVEX Suspicious ActiveX Method 9
IPS: 7970 – ACTIVEX Suspicious ActiveX Method 10
IPS: 7971 – ACTIVEX Suspicious ActiveX Method 11