Microsoft Security Bulletin Coverage (Mar 10, 2015)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of March 2015. The issues reported, along with Dell SonicWALL coverage information, are as follows:

MS15-018 Cumulative Security Update for Internet Explorer (3032359)

  • CVE-2015-0032 VBScript Memory Corruption Vulnerability
    IPS: 10808 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 8”
  • CVE-2015-0072 Internet Explorer Elevation of Privilege Vulnerability
    IPS: 6288 “Internet Explorer Universal XSS 1”
  • CVE-2015-1627 Internet Explorer Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-0056 Internet Explorer Memory Corruption Vulnerability
    There is no known exploit in the wild.
  • CVE-2015-0099 Internet Explorer Memory Corruption Vulnerability
    IPS: 10800 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 1”
  • CVE-2015-0100 Internet Explorer Memory Corruption Vulnerability
    IPS: 10801 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 2”
  • CVE-2015-1622 Internet Explorer Memory Corruption Vulnerability
    IPS: 10802 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 3”
  • CVE-2015-1623 Internet Explorer Memory Corruption Vulnerability
    IPS: 10803 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 4”
  • CVE-2015-1624 Internet Explorer Memory Corruption Vulnerability
    IPS: 10805 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 5”
  • CVE-2015-1625 Internet Explorer Memory Corruption Vulnerability
    IPS: 10806 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 6”
  • CVE-2015-1626 Internet Explorer Memory Corruption Vulnerability
    IPS: 7645 “HTTP Client Shellcode Exploit 11c”
  • CVE-2015-1634 Internet Explorer Memory Corruption Vulnerability
    IPS: 10807 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 7”

MS15-019 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297)

  • CVE-2015-0032 VBScript Memory Corruption Vulnerability
    IPS: 10808 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 8”

MS15-020 Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)

  • CVE-2015-0081 WTS Remote Code Execution Vulnerability
    ASPY: 4858 “Malformed-File RTF.MP.1_2”
  • CVE-2015-0096 DLL Planting Remote Code Execution Vulnerability
    ASPY: 4863 “Malformed-File lnk.MP.1”

MS15-021 Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323)

  • CVE-2015-0074 Adobe Font Driver Denial of Service Vulnerability
    There is no known exploit in the wild.
  • CVE-2015-0087 Adobe Font Driver Information Disclosure Vulnerability
    ASPY: 4861 “Malformed-File pfm.MP.1”
  • CVE-2015-0089 Adobe Font Driver Information Disclosure Vulnerability
    ASPY: 4862 “Malformed-File otf.MP.10”
  • CVE-2015-0088 Adobe Font Driver Remote Code Execution Vulnerability
    There is no known exploit in the wild.
  • CVE-2015-0090 Adobe Font Driver Remote Code Execution Vulnerability
    ASPY: 4864 “Malformed-File pfb.MP.1”
  • CVE-2015-0091 Adobe Font Driver Remote Code Execution Vulnerability
    ASPY: 4864 “Malformed-File pfb.MP.1”
  • CVE-2015-0092 Adobe Font Driver Remote Code Execution Vulnerability
    ASPY: 4864 “Malformed-File pfb.MP.1”
  • CVE-2015-0093 Adobe Font Driver Remote Code Execution Vulnerability
    ASPY: 4864 “Malformed-File pfb.MP.1”

MS15-022 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999)

  • CVE-2015-0085 Microsoft Office Component Use After Free Vulnerability
    There is no known exploit in the wild.
  • CVE-2015-0086 Microsoft Office Memory Corruption Vulnerability
    GAV: 27233 “Malformed.rtf.TL.5”
  • CVE-2015-0097 Microsoft Word Local Zone Remote Code Execution Vulnerability
    ASPY: 4859 “Malformed-File wps.MP.2”
  • CVE-2015-1633 Microsoft SharePoint XSS Vulnerability
    IPS: 2087 “Cross-Site Scripting (XSS) Attack 47”
  • CVE-2015-1636 Microsoft SharePoint XSS Vulnerability
    IPS: 2088 “Cross-Site Scripting (XSS) Attack 48”

MS15-023 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)

  • CVE-2015-0077 Microsoft Windows Kernel Memory Disclosure Vulnerability
    ASPY: 4860 “Malformed-File exe.MP.9”
  • CVE-2015-0078 Win32k Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-0094 Microsoft Windows Kernel Memory Disclosure Vulnerability
    ASPY: 4865 “Malformed-File exe.MP.10”
  • CVE-2015-0095 Microsoft Windows Kernel Memory Disclosure Vulnerability
    This is a local vulnerability.

MS15-024 Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)

  • CVE-2015-0080 Malformed PNG Parsing Information Disclosure Vulnerability
    ASPY: 4855 “Malformed-File png.MP.2”

MS15-025 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)

  • CVE-2015-0073 Registry Virtualization Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-0075 Impersonation Level Check Elevation of Privilege Vulnerability
    There is no known exploit in the wild.

MS15-026 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856)

  • CVE-2015-1628 OWA Modified Canary Parameter Cross Site Scripting Vulnerability
    IPS: 10804 “Microsoft Exchange Server OWA XSS 3”
  • CVE-2015-1629 ExchangeDLP Cross Site Scripting Vulnerability
    This is a local vulnerability.
  • CVE-2015-1630 Audit Report Cross Site Scripting Vulnerability
    This is a local vulnerability.
  • CVE-2015-1631 Exchange Forged Meeting Request Spoofing Vulnerability
    There is no known exploit in the wild.
  • CVE-2015-1632 Exchange Error Message Cross Site Scripting Vulnerability
    IPS: 6391 “Cross-Site Scripting (XSS) Attack 46”

MS15-027 Vulnerability in NETLOGON Could Allow Spoofing (3002657)

  • CVE-2015-0005 NETLOGON Spoofing Vulnerability
    There is no known exploit in the wild.

MS15-028 Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)

  • CVE-2015-0084 Task Scheduler Security Feature Bypass Vulnerability
    This is a local vulnerability.

MS15-029 Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)

  • CVE-2015-0076 JPEG XR Parser Information Disclosure Vulnerability
    ASPY: 4856 “Malformed-File jxr.MP.1”

MS15-030 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)

  • CVE-2015-0079 Remote Desktop Protocol (RDP) Denial of Service Vulnerability
    There is no known exploit in the wild.

MS15-031 Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)

  • CVE-2015-1637 Schannel Security Feature Bypass Vulnerability
    IPS: 6366 “Client Hello with EXPORT Cipher Suites 1”
    IPS: 6412 “Client Hello with EXPORT Cipher Suites 2”
    IPS: 6428 “Server Hello with EXPORT Cipher Suite”

Microsoft Internet Explorer Same Origin Policy Bypass (CVE-2015-0072) (Feb 4, 2015)

A same-origin policy (SOP) bypass vulnerability has been reported in Microsoft Internet Explorer. A remote attacker can exploit this vulnerability to bypass the SOP and carry out a cross-site scripting attack.

The Dell SonicWALL Threat Research Team has researched this vulnerability and released the following signature to protect its customers.

  • IPS:6288 Internet Explorer SOP Bypass

This vulnerability is identified as CVE-2015-0072.