Posts

Microsoft Security Bulletin Coverage (July 10, 2012)

/in /by

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of July, 2012. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS12-043 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)

  • CVE-2012-1889 MSXML Uninitialized Memory Corruption Vulnerability
    IPS: 7967 – Microsoft XML Core Services Uninitialized Object Access 1

MS12-044 Cumulative Security Update for Internet Explorer (2719177)

  • CVE-2012-1522 Cached Object Remote Code Execution Vulnerability
    IPS: 8124 – HTTP Client Shellcode Exploit 70a
  • CVE-2012-1524 Attribute Remove Remote Code Execution Vulnerability
    IPS: 8120 – Suspicious Javascript Attribute Remove Code

MS12-045 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)

  • CVE-2012-1891 ADO Cachesize Heap Overflow RCE Vulnerability
    IPS: 8119 – Microsoft ADO Cachesize Heap Overflow Exploit

MS12-046 Vulnerabilities in Visual Basic for Applications Could Allow Remote Code Execution (27907960)

  • CVE-2012-1854 Visual Basic for Applications Insecure Library Loading Vulnerability
    IPS: 1023 – Binary Planting Attempt 1
    IPS: 5726 – Binary Planting Attempt 2
    IPS: 6847 – Binary Planting Attempt 3

MS12-047 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)

  • CVE-2012-1890 Keyboard Layout Vulnerability
    This is a local vulnerability. There is no feasible method of detection at gateway level.
  • CVE-2012-1893 Win32k Incorrect Type Handling Vulnerability
    This is a local vulnerability. There is no feasible method of detection at gateway level.

MS12-048 Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)

  • CVE-2012-0175 Command Injection Vulnerability
    IPS: 8118 – Suspicious Filename Transfer Through SMB

MS12-049 Vulnerability in TLS Could Allow Information Disclosure (2655992)

  • CVE-2012-1870 TLS Protocol Vulnerability
    There is no feasible method of detection at gateway level.

MS12-050 Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)

  • CVE-2012-1858 HTML Sanitization Vulnerability
    IPS: 7960 – Cross-Site Scripting (XSS) Attempt 32
  • CVE-2012-1859 XSS scriptresx.ashx Vulnerability
    IPS: 1849 – Cross-Site Scripting (XSS) Attempt 20
  • CVE-2012-1860 Sharepoint Search Scope Vulnerability
    There is no feasible method of detection at gateway level.
  • CVE-2012-1861 SharePoint Script in Username Vulnerability
    There is no feasible method of detection at gateway level.
  • CVE-2012-1863 Sharepoint Reflected List Parameter Vulnerability
    IPS: 1849 – Cross-Site Scripting (XSS) Attempt 20

MS12-051 Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)

  • CVE-2012-1894 Office for Mac Improper Folder Permissions Vulnerability
    There is no feasible method of detection at gateway level.