Microsoft Security Bulletin Coverage (Oct 9, 2012)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for October 2012. A list of the issues reported, along with Dell SonicWALL coverage information, follows:

MS12-064 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)

  • CVE-2012-0182 Word PAPX Section Corruption Vulnerability
    File based vulnerability. No known exploits exist in the wild.
  • CVE-2012-2528 RTF File listid Use-After-Free Vulnerability
    IPS:8931 – Malformed RTF File 1

MS12-065 Vulnerability in Microsoft Works Could Allow Remote Code Execution (KB2754670)

  • CVE-2012-2550 Works Heap Vulnerability
    IPS:8932 – Malformed Word Document 11

MS12-066 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)

  • CVE-2012-2520 HTML Sanitization Vulnerability
    IPS:8932 – Malformed Word Document 11

MS12-067 Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)

  • CVE-2012-1766 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.
  • CVE-2012-1767 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.
  • CVE-2012-1768 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.
  • CVE-2012-1769 Oracle Outside In contains multiple exploitable vulnerabilities
    GAV:Malformed.jpg.TL.3
    GAV:Malformed.jpg.TL.4
  • CVE-2012-1770 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.
  • CVE-2012-1771 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.
  • CVE-2012-1772 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.
  • CVE-2012-1773 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.
  • CVE-2012-3106 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.
  • CVE-2012-3107 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.
  • CVE-2012-3108 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.
  • CVE-2012-3109 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.
  • CVE-2012-3110 Oracle Outside In contains multiple exploitable vulnerabilities
    No known exploits exist.

MS12-068 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)

  • CVE-2012-2529 Windows Kernel Integer Overflow Vulnerability
    This is a local EoP vulnerability. Detection on the wire is not possible.

MS12-069 Vulnerability in Kerberos Could Allow Denial of Service (2743555)

  • CVE-2012-2551 Kerberos NULL Dereference Vulnerability
    Detection on the wire is not practical.

MS12-070 Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)

  • CVE-2012-2552 Reflected XSS Vulnerability
    IPS:1369 – Cross-Site Scripting (XSS) Attempt 1