Microsoft Security Bulletin Coverage

October 10, 2013

Dell SonicWALL has analyzed and addressed Microsoft's security advisories for the month of October, 2013. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS13-080 Cumulative Security Update for Internet Explorer (2879017)

CVE-2013-3872 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2013-3873 Internet Explorer Memory Corruption Vulnerability
IPS: 7548 "Windows IE Use-After-Free Vulnerability (MS13-080) 2"
CVE-2013-3874 Internet Explorer Memory Corruption Vulnerability
IPS: 7549 "Windows IE Use-After-Free Vulnerability (MS13-080) 3"
CVE-2013-3875 Internet Explorer Memory Corruption Vulnerability
IPS: 7550 "Windows IE Use-After-Free Vulnerability (MS13-080) 4"
CVE-2013-3882 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2013-3885 Internet Explorer Memory Corruption Vulnerability
IPS: 7551 "Windows IE Use-After-Free Vulnerability (MS13-080) 5"
CVE-2013-3886 Internet Explorer Memory Corruption Vulnerability
IPS: 7552 "Windows IE Use-After-Free Vulnerability (MS13-080) 6"
CVE-2013-3893 Internet Explorer Memory Corruption Vulnerability
IPS: 7377 "Windows IE Memory Corruption Vulnerability"
IPS: 7417 "Windows IE Memory Corruption Vulnerability 2"
SPY: 4119 "Malformed-File html.TL.274"
CVE-2013-3897 Internet Explorer Memory Corruption Vulnerability
Please check Analysis for more details on the exploit seen in the wild.
IPS: 7553 "Windows IE Use-After-Free Vulnerability (MS13-080) 7"
SPY: 4684 "CVE-2013-3897"

MS13-081 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)

CVE-2013-3894 TrueType Font CMAP Table Vulnerability Vulnerability
There are no known exploits in the wild.
CVE-2013-3888 DirectX Graphics Kernel Subsystem Double Fetch Vulnerability Vulnerability
There are no known exploits in the wild.
CVE-2013-3881 Win32k NULL Page Vulnerability
This is a local vulnerability.
CVE-2013-3880 App Container Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2013-3879 Win32k Use After Free Vulnerability
This is a local vulnerability.
CVE-2013-3200 Windows USB Descriptor Vulnerability
There are no known exploits in the wild.
CVE-2013-3128 Open Type Font Parsing Vulnerability
SPY: 4683 "Malformed-File otf.MP.9"

MS13-082 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)

CVE-2013-3861 JSON Parsing Vulnerability
There are no known exploits in the wild.
CVE-2013-3860 Entity Expansion Vulnerability
IPS: 6316 "Microsoft .NET Framework Entity Expansion DoS"
CVE-2013-3128 OpenType Font Parsing Vulnerability
SPY: 4683 "Malformed-File otf.MP.9"

MS13-083 Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058)

CVE-2013-3195 Comctl32 Integer Overflow Vulnerability
SPY: 4685 "Malformed-File exe.MP.7"

MS13-084 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)

CVE-2013-3895 Parameter Injection Vulnerability
IPS: 7555 "Microsoft SharePoint Server Remote Code Execution 4 (MS13-084)"
CVE-2013-3889 MIcrosoft Excel Memory Corruption Vulnerability
There are no known exploits in the wild.

MS13-085 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)

CVE-2013-3890 Microsoft Excel Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2013-3889 Microsoft Excel Memory Corruption Vulnerability
There are no known exploits in the wild.

MS13-086 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)

CVE-2013-3892 Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2013-3891 Memory Corruption Vulnerability
SPY: 4686 "Malformed-File doc.MP.14"

MS13-087 Vulnerability in Silverlight Could Allow Information Disclosure (2890788)

CVE-2013-3896 Silverlight Vulnerability
There are no known exploits in the wild.