Microsoft Security Bulletin Coverage

July 11, 2013

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of July, 2013. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS13-052 Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)

  • CVE-2013-3129 TrueType Font Parsing Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3131 Array Access Violation Vulnerability
    IPS: 9974 “Windows .Net Framework Access Violation Vulnerability (MS13-052)”
  • CVE-2013-3132 Delegate Reflection Bypass Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-3133 Anonymous Method Injection Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-3134 Array Allocation Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3171 Delegate Serialization Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-3178 Null Pointer Vulnerability
    There are no known exploits in the wild.

MS13-053 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)

  • CVE-2013-1300 Win32k Memory Allocation Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-1340 Win32k Dereference Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-1345 Win32k Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-3129 TrueType Font Parsing Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3167 Win32k Information Disclosure Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-3172 Win32k Buffer Overflow Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3173 Win32k Buffer Overwrite Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-3660 Win32k Read AV Vulnerability
    There are no known exploits in the wild.

MS13-054 Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)

  • CVE-2013-3129 TrueType Font Parsing Vulnerability
    There are no known exploits in the wild.

MS13-055 Cumulative Security Update for Internet Explorer (2846071)

  • CVE-2013-3115 Internet Explorer Memory Corruption Vulnerability
    IPS: 9962 “Windows IE Use-After-Free Vulnerability (MS13-055) 1”
  • CVE-2013-3143 Internet Explorer Memory Corruption Vulnerability
    IPS: 9963 “Windows IE Use-After-Free Vulnerability (MS13-055) 2”
  • CVE-2013-3144 Internet Explorer Memory Corruption Vulnerability
    IPS: 9964 “Windows IE Use-After-Free Vulnerability (MS13-055) 3”
  • CVE-2013-3145 Internet Explorer Memory Corruption Vulnerability
    IPS: 9965 “Windows IE Use-After-Free Vulnerability (MS13-055) 4”
  • CVE-2013-3146 Internet Explorer Memory Corruption Vulnerability
    IPS: 9967 “Windows IE Memory Corruption Vulnerability (MS13-055)”
  • CVE-2013-3147 Internet Explorer Memory Corruption Vulnerability
    IPS: 9971 “Windows IE Use-After-Free Vulnerability (MS13-055) 8”
  • CVE-2013-3148 Internet Explorer Memory Corruption Vulnerability
    IPS: 9973 “Windows IE Use-After-Free Vulnerability (MS13-055) 10”
  • CVE-2013-3149 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3150 Internet Explorer Memory Corruption Vulnerability
    IPS: 9966 “Windows IE Use-After-Free Vulnerability (MS13-055) 5”
  • CVE-2013-3151 Internet Explorer Memory Corruption Vulnerability
    IPS: 7454 “HTTP Client Shellcode Exploit 35a”
  • CVE-2013-3152 Internet Explorer Memory Corruption Vulnerability
    IPS: 9968 “Windows IE Use-After-Free Vulnerability (MS13-055) 6”
  • CVE-2013-3153 Internet Explorer Memory Corruption Vulnerability
    IPS: 9969 “Windows IE Use-After-Free Vulnerability (MS13-055) 7”
  • CVE-2013-3161 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3162 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-3163 Internet Explorer Memory Corruption Vulnerability
    IPS: 9970 “Windows IE Memory Corruption Vulnerability (MS13-055) 2”
  • CVE-2013-3164 Internet Explorer Memory Corruption Vulnerability
    IPS: 9972 “Windows IE Use-After-Free Vulnerability (MS13-055) 9”
  • CVE-2013-3166 Shift JIS Character Encoding Vulnerability
    There are no known exploits in the wild.

MS13-056 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)

  • CVE-2013-3174 DirectShow Arbitrary Memory Overwrite Vulnerability
    IPS: 9982 “Windows DirectShow Memory Corruption Vulnerability (MS13-056)”

MS13-057 Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)

  • CVE-2013-3127 WMV Video Decoder Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS13-058 Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)

  • CVE-2013-3154 Microsoft Windows 7 Defender Improper Pathname Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.