Microsoft Security Bulletin Coverage (December 09, 2014)
Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2014. A list of issues reported, along with Dell SonicWALL coverage information are as follows:
MS14-075 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
- CVE-2014-6319 Outlook Web Access Token Spoofing Vulnerability
There are no known exploits in the wild. - CVE-2014-6325 OWA XSS Vulnerability
IPS: 6098 “Cross-Site Scripting (XSS) Attack 48” - CVE-2014-6326 OWA XSS Vulnerability
IPS: 6107 “Cross-Site Scripting (XSS) Attack 49” - CVE-2014-6336 Exchange URL Redirection Vulnerability
IPS: 6099 “Microsoft Exchange URL Redirection Vulnerability”
MS14-080 Cumulative Security Update for Internet Explorer (3008923)
- CVE-2014-6327 Internet Explorer Memory Corruption Vulnerability
IPS: 6097 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 3” - CVE-2014-6328 Internet Explorer XSS Filter Bypass Vulnerability
IPS: 6105 “Internet Explorer XSS Filter Bypass Vulnerability “ - CVE-2014-6329 Internet Explorer Memory Corruption Vulnerability
IPS: 3552 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 2” - CVE-2014-6330 Internet Explorer Memory Corruption Vulnerability
IPS: 6518 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 1 “ - CVE-2014-6363 VBScript Memory Corruption Vulnerability
IPS: 5665 “Internet Explorer VBScript Memory Corruption Vulnerability (MS14-080)” - CVE-2014-6365 Internet Explorer XSS Filter Bypass Vulnerability
SPY: 3253 “Malformed-File html.MP.52” - CVE-2014-6366 Internet Explorer Memory Corruption Vulnerability
SPY: 3254 “Malformed-File html.MP.54” - CVE-2014-6368 Internet Explorer ASLR Bypass Vulnerability
IPS: 6093 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 4 “ - CVE-2014-6369 Internet Explorer Memory Corruption Vulnerability
IPS: 6094 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 5” - CVE-2014-6373 Internet Explorer Memory Corruption Vulnerability
SPY: 3258 “Malformed-File html.MP.56” - CVE-2014-6374 Internet Explorer Memory Corruption Vulnerability
SPY: 3259 “Malformed-File html.MP.57” - CVE-2014-6375 Internet Explorer Memory Corruption Vulnerability
IPS: 6106 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 7” - CVE-2014-6376 Internet Explorer Memory Corruption Vulnerability
SPY: 3260 ” Malformed-File html.MP.58″ - CVE-2014-8966 Internet Explorer Memory Corruption Vulnerability
IPS: 6095 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 6”
MS14-081 Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
- CVE-2014-6356 Index Remote Code Execution Vulnerability
SPY: 3262 “Malformed-File doc.MP.19” - CVE-2014-6357 Use After Free Word Remote Code Execution Vulnerability
SPY: 3263 “Malformed-File rtf.MP.5_2”
MS14-082 Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
- CVE-2014-6364 Microsoft Office Component Use After Free Vulnerability
SPY: 3264 “Malformed-File doc.MP.20”
MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
- CVE-2014-6360 Global Free Remote Code Execution in Excel Vulnerability
SPY: 3265 “Malformed-File xls.MP.43 “ - CVE-2014-6361 Excel Invalid Pointer Remote Code Execution Vulnerability
SPY: 3266 “Malformed-File xls.MP.44 “
MS14-084 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
- CVE-2014-6363 VBScript Memory Corruption Vulnerability
IPS: 5665 “Internet Explorer VBScript Memory Corruption Vulnerability (MS14-080)”
MS14-085 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
- CVE-2014-6355 Information Disclosure Vulnerability
SPY: 3261 “Malformed-File html.MP.59”
3266