Microsoft Security Bulletin Coverage (May 14, 2013)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of May, 2013. A list of issues reported, along with Dell SonicWALL coverage information, follows:

MS13-037 Cumulative Security Update for Internet Explorer (2829530)

  • CVE-2013-2551 Internet Explorer Use After Free Vulnerability
    IPS: 9897 “Windows IE VML shape object Memory Corruption”
  • CVE-2013-1313 Internet Explorer Use After Free Vulnerability
    IPS: 9601 “Windows OLE Automation Remote Code Execution 2 (MS13-020)”
    IPS: 9635 “Windows OLE Automation Remote Code Execution 3 (MS13-020)”
    IPS: 9636 “Windows OLE Automation Remote Code Execution 4 (MS13-020)”
  • CVE-2013-1312 Internet Explorer Use After Free Vulnerability
    IPS: 9899 “Windows IE DOM Object Use-After-Free 5”
  • CVE-2013-1311 Internet Explorer Use After Free Vulnerability
    IPS: 9896 “Windows IE DOM Object Use-After-Free 4”
  • CVE-2013-1310 Internet Explorer Use After Free Vulnerability
    IPS: 9895 “Windows IE DOM Object Use-After-Free 3”
  • CVE-2013-1309 Internet Explorer Use After Free Vulnerability
    IPS: 9894 “Windows IE CDispNode Use-After-Free”
  • CVE-2013-1308 Internet Explorer Use After Free Vulnerability
    IPS: 9609 “DOM Object Use-After-Free Attack 3”
  • CVE-2013-1307 Internet Explorer Use After Free Vulnerability
    IPS: 7454 “HTTP Client Shellcode Exploit 35a”
  • CVE-2013-1306 Internet Explorer Use After Free Vulnerability
    IPS: 9900 “Windows IE DOM Object Use-After-Free 6”
  • CVE-2013-1297 JSON Array Information Disclosure Vulnerability
    IPS: 9891 “Windows IE JSON Information Disclosure”
  • CVE-2013-0811 Internet Explorer Use After Free Vulnerability
    Not feasible to detect the vulnerability.

MS13-038 Security Update for Internet Explorer (2847204)

  • CVE-2013-1347 Security Update for Internet Explorer
    IPS: 9470 “DOM Object Use-After-Free Attack 2”
    IPS: 9871 “Obfuscated HTML Code 3a”
    IPS: 9872 “Windows IE DOM Object Use-After-Free 1”
    IPS: 9873 “Windows IE DOM Object Use-After-Free 2”

MS13-039 Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)

  • CVE-2013-1305 HTTP.sys Denial of Service Vulnerability
    IPS: 9893 “Suspicious HTTP Accept-Encoding Header 1”

MS13-040 Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)

  • CVE-2013-1337 Authentication Bypass Vulnerability
    Cannot distinguish between normal and attack traffic.
  • CVE-2013-1336 XML Digital Signature Spoofing Vulnerability
    Cannot distinguish between normal and attack traffic.

MS13-041 Vulnerability in Lync Could Allow Remote Code Execution (2834695)

  • CVE-2013-1302 Lync RCE Vulnerability
    There are no known exploits in the wild.

MS13-042 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)

  • CVE-2013-1329 Publisher Buffer Underflow Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1328 Publisher Pointer Handling Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1327 Publisher Signed Integer Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1323 Publisher Incorrect NULL Value Handling Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1322 Publisher Invalid Range Check Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1321 Publisher Return Value Validation Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1320 Publisher Buffer Overflow Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1319 Publisher Return Value Handling Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1318 Publisher Corrupt Interface Pointer Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1317 Publisher Integer Overflow Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1316 Publisher Negative Value Allocation Vulnerability
    There are no known exploits in the wild.

MS13-043 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)

  • CVE-2013-1335 Word Shape Corruption Vulnerability
    There are no known exploits in the wild.

MS13-044 Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)

  • CVE-2013-1301 XML External Entities Resolution Vulnerability
    IPS: 9892 “Microsoft Visio Information Disclosure”

MS13-045 Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)

  • CVE-2013-0096 Windows Essentials Improper URI Handling Vulnerability
    There are no known exploits in the wild.

MS13-046 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)

  • CVE-2013-1334 Win32k Window Handle Vulnerability
    This is an elevation of privilege vulnerability; detection is not feasible.
  • CVE-2013-1333 Win32k Buffer Overflow Vulnerability
    This is an elevation of privilege vulnerability; detection is not feasible.
  • CVE-2013-1332 DirectX Graphics Kernel Subsystem Double Fetch Vulnerability
    This is an elevation of privilege vulnerability; detection is not feasible.

Microsoft Security Bulletin Coverage (Feb 12, 2013)

Dell SonicWALL has analysed and addressed Microsoft’s security advisories for the month of February, 2013. A list of issues reported, along with Dell SonicWALL coverage information, follows:

MS13-009 Cumulative Security Update for Internet Explorer

  • CVE-2013-0015 Shift JIS Character Encoding Vulnerability
    IPS:9603 – Windows IE SJIS XSS
  • CVE-2013-0018 Internet Explorer SetCapture Use After Free Vulnerability
    IPS:9606 – Windows IE setCapture Use-After-Free
  • CVE-2013-0019 Internet Explorer COmWindowProxy Use After Free Vulnerability
    IPS:9607 – Windows IE comWindowProxy Use-After-Free
  • CVE-2013-0020 Internet Explorer CMarkup Use After Free Vulnerability
    IPS:9608 – Windows IE CDATA Use-After-Free
  • CVE-2013-0021 Internet Explorer vtable Use After Free Vulnerability
    IPS:9611 – Windows IE vtable Use-After-Free
  • CVE-2013-0022 Internet Explorer LsGetTrailInfo Use After Free Vulnerability
    IPS:9613 – Windows IE lsGetTrailInfo Use-After-Free
  • CVE-2013-0023 Internet Explorer CDispNode Use After Free Vulnerability
    Detection of attack over the wire is not feasible.
  • CVE-2013-0024 Internet Explorer pasteHTML Use After Free Vulnerability
    IPS:9614 – Internet Explorer pasteHTML Use After Free Vulnerability
  • CVE-2013-0025 Internet Explorer SLayoutRun Use After Free Vulnerability
    IPS:9612 – Microsoft IE SLayoutRun Use After Free Exploit
  • CVE-2013-0026 Internet Explorer InsertElement Use After Free Vulnerability
    IPS:9610 – Internet Explorer InsertElement Use After Free Vulnerability
  • CVE-2013-0027 Internet Explorer CPasteCommand Use After Free Vulnerability
    IPS:9609 – HTTP Client Shellcode Exploit 76
  • CVE-2013-0028 Internet Explorer CObjectElement Use After Free Vulnerability
    IPS:9605 – Microsoft IE CObjectElement Use After Free Exploit
  • CVE-2013-0029 Internet Explorer CHTML Use After Free Vulnerability
    IPS:9604 – Microsoft IE VML Memory Corruption Exploit

MS13-010 Vulnerability in Vector Markup Language Could Allow Remote Code Execution

  • CVE-2013-0030 VML Memory Corruption Vulnerability
    IPS:9602 – Windows IE VML Memory Corruption Exploit

MS13-011 Vulnerability in Media Decompression Could Allow Remote Code Execution

  • CVE-2013-0077 Media Decompression Vulnerability
    There are no known exploits in the wild.

MS13-012 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution

  • CVE-2013-0393 Oracle Outside In Contains Multiple Exploitable Vulnerabilities
    IPS:9555 – Oracle Outside in DB Handling DoS
  • CVE-2013-0418 Oracle Outside In Contains Multiple Exploitable Vulnerabilities
    Malformed.cdr.TL.4

MS13-013 Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution

  • CVE-2013-3214 Oracle Outside In Contains Multiple Exploitable Vulnerabilities
    There are no known exploits in the wild.
  • CVE-2013-3217 Oracle Outside In Contains Multiple Exploitable Vulnerabilities
    There are no known exploits in the wild.

MS13-014 Vulnerability in NFS Server Could Allow Denial of Service

  • CVE-2013-1281 NULL Dereference Vulnerability
    There are no known exploits in the wild.

MS13-015 Vulnerability in .NET Framework Could Allow Elevation of Privilege

  • CVE-2013-0073 WinForms Callback Elevation Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.

MS13-016 Win32k Race Condition Vulnerability

MS13-017 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

  • CVE-2013-1278 Kernel Race Condition Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-1279 Kernel Race Condition Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-1280 Windows Kernel Reference Count Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.

MS13-018 Vulnerability in Windows TCP/IP Could Allow Denial Of Service

  • CVE-2013-0075 TCP FIN WAIT Vulnerability
    Connection limiting settings on the SonicWall will defend against attacks targeting this vulnerability.

MS13-019 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege

  • CVE-2013-0076 Reference Count Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.

MS13-020 Vulnerability in OLE Automation Could Allow Remote Code Execution

  • CVE-2013-1313 Common Controls Remote Code
    IPS:9601 – Windows Common Controls Remote Code Execution (MS13-020)