Microsoft Security Bulletin Coverage (Dec 10, 2013)
Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2013. A list of issues reported, along with Dell SonicWALL coverage information follows:
MS13-096 Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution (2908005)
- CVE-2013-3906 Microsoft Graphics Component Memory Corruption Vulnerability
GAV: 26249 Malformed.docx.MP.1
GAV: 26255 Malformed.tif.MP.3
GAV: 26278 Malformed.docx.MP.2
GAV: 26311 CVE-2013-3906
MS13-097 Cumulative Security Update for Internet Explorer (2898785)
- CVE-2013-5045 Internet Explorer Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2013-5046 Internet Explorer Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2013-5047 Internet Explorer Memory Corruption Vulnerability
IPS: 9372 Windows IE Memory Corruption Vulnerability (MS13-097) 1 - CVE-2013-5048 Internet Explorer Memory Corruption Vulnerability
IPS: 9385 Windows IE Memory Corruption Vulnerability (MS13-097) 2 - CVE-2013-5049 Internet Explorer Memory Corruption Vulnerability
IPS: 9393 Windows IE Memory Corruption Vulnerability (MS13-097) 3 - CVE-2013-5051 Internet Explorer Memory Corruption Vulnerability
IPS: 9420 Windows IE Memory Corruption Vulnerability (MS13-097) 4 - CVE-2013-5052 Internet Explorer Memory Corruption Vulnerability
IPS: 9431 Windows IE Memory Corruption Vulnerability (MS13-097) 5
MS13-098 Vulnerability in Windows Could Allow Remote Code Execution (2893294)
- CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability
IPS: 4773 Suspicious HTTP Authorization Header 6
SPY: 4706 IsFreemium
MS13-099 Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
- CVE-2013-5056 Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library
IPS: 9436 Microsoft Scripting Object Use After Free
MS13-105 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
- CVE-2013-1330 MAC Disabled Vulnerability
There are no known exploits in the wild. - CVE-2013-5072 OWA XSS Vulnerability
There are no known exploits in the wild. - CVE-2013-5763 Oracle Outside In Contains Multiple Exploitable Vulnerabilities
There are no known exploits in the wild. - CVE-2013-5791 Oracle Outside In Contains Multiple Exploitable Vulnerabilities
There are no known exploits in the wild.
MS13-100 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)
- CVE-2013-5059 SharePoint Page Content Vulnerabilities
There are no known exploits in the wild.
MS13-101 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
- CVE-2013-3899 Win32k Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2013-3902 Win32k Use After Free Vulnerability
There are no known exploits in the wild. - CVE-2013-3903 TrueType Font Parsing Vulnerability
There are no known exploits in the wild. - CVE-2013-3907 Port-Class Driver Double Fetch Vulnerability
There are no known exploits in the wild. - CVE-2013-5058 Win32k Integer Overflow Vulnerability
There are no known exploits in the wild.
MS13-102 Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)
- CVE-2013-3878 LRPC Client Buffer Overrun Vulnerability
There are no known exploits in the wild.
MS13-103 Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
- CVE-2013-5042 SignalR XSS Vulnerability
There are no known exploits in the wild.
MS13-104 Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
- CVE-2013-5054 Token Hijacking Vulnerability
There are no known exploits in the wild.
MS13-106 Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (2905238)
- CVE-2013-5057 HXDS ASLR Vulnerability
There are no known exploits in the wild.