Posts

Microsoft Security Bulletin Coverage (Dec 10, 2013)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2013. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS13-096 Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution (2908005)

  • CVE-2013-3906 Microsoft Graphics Component Memory Corruption Vulnerability
    GAV: 26249 Malformed.docx.MP.1
    GAV: 26255 Malformed.tif.MP.3
    GAV: 26278 Malformed.docx.MP.2
    GAV: 26311 CVE-2013-3906

MS13-097 Cumulative Security Update for Internet Explorer (2898785)

  • CVE-2013-5045 Internet Explorer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-5046 Internet Explorer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-5047 Internet Explorer Memory Corruption Vulnerability
    IPS: 9372 Windows IE Memory Corruption Vulnerability (MS13-097) 1
  • CVE-2013-5048 Internet Explorer Memory Corruption Vulnerability
    IPS: 9385 Windows IE Memory Corruption Vulnerability (MS13-097) 2
  • CVE-2013-5049 Internet Explorer Memory Corruption Vulnerability
    IPS: 9393 Windows IE Memory Corruption Vulnerability (MS13-097) 3
  • CVE-2013-5051 Internet Explorer Memory Corruption Vulnerability
    IPS: 9420 Windows IE Memory Corruption Vulnerability (MS13-097) 4
  • CVE-2013-5052 Internet Explorer Memory Corruption Vulnerability
    IPS: 9431 Windows IE Memory Corruption Vulnerability (MS13-097) 5

MS13-098 Vulnerability in Windows Could Allow Remote Code Execution (2893294)

  • CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability
    IPS: 4773 Suspicious HTTP Authorization Header 6
    SPY: 4706 IsFreemium

MS13-099 Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)

  • CVE-2013-5056 Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library
    IPS: 9436 Microsoft Scripting Object Use After Free

MS13-105 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)

  • CVE-2013-1330 MAC Disabled Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-5072 OWA XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-5763 Oracle Outside In Contains Multiple Exploitable Vulnerabilities
    There are no known exploits in the wild.
  • CVE-2013-5791 Oracle Outside In Contains Multiple Exploitable Vulnerabilities
    There are no known exploits in the wild.

MS13-100 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)

  • CVE-2013-5059 SharePoint Page Content Vulnerabilities
    There are no known exploits in the wild.

MS13-101 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)

  • CVE-2013-3899 Win32k Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3902 Win32k Use After Free Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3903 TrueType Font Parsing Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3907 Port-Class Driver Double Fetch Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-5058 Win32k Integer Overflow Vulnerability
    There are no known exploits in the wild.

MS13-102 Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)

  • CVE-2013-3878 LRPC Client Buffer Overrun Vulnerability
    There are no known exploits in the wild.

MS13-103 Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)

  • CVE-2013-5042 SignalR XSS Vulnerability
    There are no known exploits in the wild.

MS13-104 Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)

  • CVE-2013-5054 Token Hijacking Vulnerability
    There are no known exploits in the wild.

MS13-106 Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (2905238)

  • CVE-2013-5057 HXDS ASLR Vulnerability
    There are no known exploits in the wild.