Posts

Microsoft Security Bulletin Coverage (Sept 10, 2013)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of September, 2013. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS13-067 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)

  • CVE-2013-3858 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3857 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3849 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3848 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3847 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3180 POST XSS Vulnerability
    IPS: 6128 “Cross-Site Scripting (XSS) Attack 44”
  • CVE-2013-3179 SharePoint XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1330 MAC Disabled Vulnerability
    IPS: 6103 “Microsoft SharePoint Server Remote Code Execution 3”
  • CVE-2013-1315 Microsoft Office Memory Corruption Vulnerability
    SPY: 4678 “Malformed-File xlw.MP.1”
  • CVE-2013-0081 SharePoint Denial of Service Vulnerability
    IPS: 6100 “Microsoft SharePoint Server Remote Code Execution 5 (MS13-067)”

    IPS: 6096 “Microsoft SharePoint Server Remote Code Execution 4 (MS13-067)”

MS13-068 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)

  • CVE-2013-3870 Message Certificate Vulnerability
    There are no known exploits in the wild.

MS13-069 Cumulative Security Update for Internet Explorer (2870699)

  • CVE-2013-3845 Internet Explorer Memory Corruption Vulnerability
    IPS: 7258 “Windows IE Use-After-Free Vulnerability (MS13-069) 1”
  • CVE-2013-3209 Internet Explorer Memory Corruption Vulnerability
    IPS: 7278 “Windows IE Use-After-Free Vulnerability (MS13-069) 3”
  • CVE-2013-3208 Internet Explorer Memory Corruption Vulnerability
    IPS: 7282 “Windows IE Use-After-Free Vulnerability (MS13-069) 4”
  • CVE-2013-3207 Internet Explorer Memory Corruption Vulnerability
    IPS: 7287 “Windows IE Use-After-Free Vulnerability (MS13-069) 5”
  • CVE-2013-3206 Internet Explorer Memory Corruption Vulnerability
    IPS: 7295 “Windows IE Use-After-Free Vulnerability (MS13-069) 6”
  • CVE-2013-3205 Internet Explorer Memory Corruption Vulnerability
    IPS: 7323 “Windows IE Use-After-Free Vulnerability (MS13-069) 8”
  • CVE-2013-3204 Internet Explorer Memory Corruption Vulnerability
    IPS: 7313 “Windows IE Use-After-Free Vulnerability (MS13-069) 7”
  • CVE-2013-3203 Internet Explorer Memory Corruption Vulnerability
    IPS: 7339 “Windows IE Type Confusion Vulnerability (MS13-069)”
  • CVE-2013-3202 Internet Explorer Memory Corruption Vulnerability
    IPS: 7273 “Windows IE Use-After-Free Vulnerability (MS13-069) 2”
  • CVE-2013-3201 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS13-070 Vulnerability in OLE Could Allow Remote Code Execution (2876217)

  • CVE-2013-3863 OLE Property Vulnerability
    There are no known exploits in the wild.

MS13-071 Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)

  • CVE-2013-0810 Windows Theme File Remote Code Execution Vulnerability
    IPS: 6130 “Malformed Theme File”

MS13-072 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)

  • CVE-2013-3858 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3857 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3856 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3855 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3854 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3853 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3852 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3851 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3850 Word Memory Corruption Vulnerability
    IPS: 6105 “Microsoft Word Memory Corruption Vulnerability (MS13-072) 1”
  • CVE-2013-3849 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3848 Word Memory Corruption Vulnerability
    IPS: 6109 “Microsoft Word Memory Corruption Vulnerability (MS13-072) 2”
  • CVE-2013-3847 Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3160 XML External Entities Resolution Vulnerability
    There are no known exploits in the wild.

MS13-073 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)

  • CVE-2013-3159 XML External Entities Resolution Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3158 Microsoft Office Memory Corruption Vulnerability
    SPY: 4679 “Malformed-File xlw.MP.2”
  • CVE-2013-1315 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS13-074 Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)

  • CVE-2013-3157 Access Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3156 Access File Format Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3155 Access Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS13-075 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)

  • CVE-2013-3859 Chinese IME Vulnerability
    There are no known exploits in the wild.

MS13-076 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)

  • CVE-2013-3866 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3865 Win32k Multiple Fetch Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3864 Win32k Multiple Fetch Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1344 Win32k Multiple Fetch Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1343 Win32k Multiple Fetch Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1342 Win32k Multiple Fetch Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1341 Win32k Multiple Fetch Vulnerability
    There are no known exploits in the wild.

MS13-077 Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)

  • CVE-2013-3862 Service Control Manager Double Free Vulnerability
    There are no known exploits in the wild.

MS13-078 Vulnerability in FrontPage Could Allow Information Disclosure (2825621)

  • CVE-2013-3137 XML Disclosure Vulnerability
    IPS: 6162 “Microsoft FrontPage Information Disclosure”

MS13-079 Vulnerability in Active Directory Could Allow Denial of Service (2853587)

  • CVE-2013-3868 Remote Anonymous DoS Vulnerability
    There are no known exploits in the wild.