Posts

Microsoft Security Bulletin Coverage (July 10, 2012)

/in /by

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of July, 2012. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS12-043 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)

  • CVE-2012-1889 MSXML Uninitialized Memory Corruption Vulnerability
    IPS: 7967 – Microsoft XML Core Services Uninitialized Object Access 1

MS12-044 Cumulative Security Update for Internet Explorer (2719177)

  • CVE-2012-1522 Cached Object Remote Code Execution Vulnerability
    IPS: 8124 – HTTP Client Shellcode Exploit 70a
  • CVE-2012-1524 Attribute Remove Remote Code Execution Vulnerability
    IPS: 8120 – Suspicious Javascript Attribute Remove Code

MS12-045 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)

  • CVE-2012-1891 ADO Cachesize Heap Overflow RCE Vulnerability
    IPS: 8119 – Microsoft ADO Cachesize Heap Overflow Exploit

MS12-046 Vulnerabilities in Visual Basic for Applications Could Allow Remote Code Execution (27907960)

  • CVE-2012-1854 Visual Basic for Applications Insecure Library Loading Vulnerability
    IPS: 1023 – Binary Planting Attempt 1
    IPS: 5726 – Binary Planting Attempt 2
    IPS: 6847 – Binary Planting Attempt 3

MS12-047 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)

  • CVE-2012-1890 Keyboard Layout Vulnerability
    This is a local vulnerability. There is no feasible method of detection at gateway level.
  • CVE-2012-1893 Win32k Incorrect Type Handling Vulnerability
    This is a local vulnerability. There is no feasible method of detection at gateway level.

MS12-048 Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)

  • CVE-2012-0175 Command Injection Vulnerability
    IPS: 8118 – Suspicious Filename Transfer Through SMB

MS12-049 Vulnerability in TLS Could Allow Information Disclosure (2655992)

  • CVE-2012-1870 TLS Protocol Vulnerability
    There is no feasible method of detection at gateway level.

MS12-050 Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)

  • CVE-2012-1858 HTML Sanitization Vulnerability
    IPS: 7960 – Cross-Site Scripting (XSS) Attempt 32
  • CVE-2012-1859 XSS scriptresx.ashx Vulnerability
    IPS: 1849 – Cross-Site Scripting (XSS) Attempt 20
  • CVE-2012-1860 Sharepoint Search Scope Vulnerability
    There is no feasible method of detection at gateway level.
  • CVE-2012-1861 SharePoint Script in Username Vulnerability
    There is no feasible method of detection at gateway level.
  • CVE-2012-1863 Sharepoint Reflected List Parameter Vulnerability
    IPS: 1849 – Cross-Site Scripting (XSS) Attempt 20

MS12-051 Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)

  • CVE-2012-1894 Office for Mac Improper Folder Permissions Vulnerability
    There is no feasible method of detection at gateway level.

Microsoft Security Bulletin Coverage (Jun 12, 2012)

/in /by

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June, 2012. A list of issues reported, along with SonicWALL coverage information follows:

MS12-036 Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)

  • CVE-2012-0173 Remote Desktop Protocol Vulnerability
    There is no feasible method of detection at gateway level.

MS12-037 Cumulative Security Update for Internet Explorer (2699988)

  • CVE-2012-1523 Center Element Remote Code Execution Vulnerability
    IPS: 7959 – Microsoft IE Center Element Exploit
  • CVE-2012-1858 HTML Sanitization Vulnerability
    IPS: 7960 – Cross-Site Scripting (XSS) Attempt 32
  • CVE-2012-1872 EUC-JP Character Encoding Vulnerability
    There is no feasible method of detection.
  • CVE-2012-1873 Null Byte Information Disclosure Vulnerability
    IPS: 7961 – Microsoft IE Null Byte Information Disclosure Exploit
  • CVE-2012-1874 Developer Toolbar Remote Code Execution Vulnerability
    IPS: 7962 – Microsoft IE Developer Toolbar Memory Corruption
  • CVE-2012-1875 Same ID Property Remote Code Execution Vulnerability
    IPS: 7963 – Microsoft IE Same ID Property Exploit
  • CVE-2012-1876 Col Element Remote Code Execution Vulnerability
    IPS: 7454 – HTTP Client Shellcode Exploit 35a
  • CVE-2012-1877 Title Element Change Remote Code Execution Vulnerability
    GAV: 20231 – Malformed-File html.MP.5
  • CVE-2012-1878 OnBeforeDeactivate Event Remote Code Execution Vulnerability
    GAV: 20228 – Malformed-File html.MP.4
  • CVE-2012-1879 insertAdjacentText Remote Code Execution Vulnerability
    IPS: 4665 – HTTP Client Shellcode Exploit 13a
  • CVE-2012-1880 insertRow Remote Code Execution Vulnerability
    GAV: 20227 – Malformed-File html.MP.3
  • CVE-2012-1881 OnRowsInserted Event Remote Code Execution Vulnerability
    GAV: 20225 – Malformed-File html.MP.2
  • CVE-2012-1882 Scrolling Events Information Disclosure Vulnerability
    There is no feasible method of detection.

MS12-038 Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)

  • CVE-2012-1855 .NET Framework Memory Access Vulnerability
    IPS: 7964 – Malformed ZIP File 12

MS12-039 Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)

  • CVE-2011-3402 TrueType Font Parsing Vulnerability
    GAV: 19421 – Malformed.ttf.MP.1
  • CVE-2012-0159 TrueType Font Parsing Vulnerability
    GAV: 18601 – Malformed-File ttf.MP.2
  • CVE-2012-1849 Lync Insecure Library Loading Vulnerability
    IPS: 1023 – Binary Planting Attempt 1
    IPS: 5726 – Binary Planting Attempt 2
    IPS: 6847 – Binary Planting Attempt 3
  • CVE-2012-1858 HTML Sanitization Vulnerability
    IPS: 7960 – Cross-Site Scripting (XSS) Attempt 32

MS12-040 Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)

  • CVE-2012-1857 Dynamics AX Enterprise Portal XSS Vulnerability
    IPS: 1369 – Cross-Site Scripting (XSS) Attempt 1

MS12-041 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)

  • CVE-2012-1864 String Atom Class Name Handling Vulnerability
    This is a local elevation of privilege vulnerability.
  • CVE-2012-1865 String Atom Class Name Handling Vulnerability
    This is a local elevation of privilege vulnerability.
  • CVE-2012-1866 Clipboard Format Atom Name Handling Vulnerability
    This is a local elevation of privilege vulnerability.
  • CVE-2012-1867 Font Resource Refcount Integer Overflow Vulnerability
    This is a local elevation of privilege vulnerability.
  • CVE-2012-1868 Win32k.sys Race Condition Vulnerability
    This is a local elevation of privilege vulnerability.

MS12-042 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)

  • CVE-2012-0217 User Mode Scheduler Memory Corruption Vulnerability
    This
    is a local elevation of privilege vulnerability.
  • CVE-2012-1515 BIOS ROM Corruption Vulnerability
    This is a local elevation of privilege vulnerability.

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2719615)

  • CVE-2012-1889 MSXML Uninitialized Memory Corruption Vulnerability
    IPS: 7967 – ACTIVEX Suspicious ActiveX Method 7
    IPS: 7968 – ACTIVEX Suspicious ActiveX Method 8
    IPS: 7969 – ACTIVEX Suspicious ActiveX Method 9
    IPS: 7970 – ACTIVEX Suspicious ActiveX Method 10
    IPS: 7971 – ACTIVEX Suspicious ActiveX Method 11