Microsoft Security Bulletins Coverage

April 12, 2011

SonicWALL has analyzed and addressed Microsoft's security advisories for the month of April, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-018 Cumulative Security Update for Internet Explorer (2497640)

  • CVE-2011-0094 - Layouts Handling Memory Corruption Vulnerability
    IPS 6432 MS IE Memory Corruption Vulnerability
  • CVE-2011-0346 - MSHTML Memory Corruption Vulnerability
    There is no feasable method of detection.
  • CVE-2011-1245 - Javascript Information Disclosure Vulnerability
    IPS 6435 MS IE Javascript Information Disclosure Vulnerability
  • CVE-2011-1345 - Object Management Memory Corruption Vulnerability
    IPS 6427 MS IE Double Release Object Vulnerability
    IPS 6428 MS IE Double Release Object Vulnerability 2
    GAV IExploit.A6428

MS11-019 Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)

  • CVE-2011-0654 - Browser Pool Corruption Vulnerability
    IPS 6248 Generic Netbios Shellcode Exploit
  • CVE-2011-0660 - SMB Client Response Parsing Vulnerability
    IPS 6436 SMB Client Response Parsing Vulnerability Exploit

MS11-020 Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)

  • CVE-2011-0661 - SMB Transaction Parsing Vulnerability
    There is no feasable method of detection.

MS11-021 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)

  • CVE-2011-0097 - Excel Integer Overrun Vulnerability
    GAV MS.Xsl.E
  • CVE-2011-0098 - Excel Heap Overflow Vulnerability
    GAV MS.Xsl.E_2
  • CVE-2011-0101 - Excel Record Parsing WriteAV Vulnerability
    GAV MS.Xsl.E_3
  • CVE-2011-0103 - Excel Memory Corruption Vulnerability
    GAV MS.Xsl.E_5
  • CVE-2011-0104 - Excel Buffer Overwrite Vulnerability
    GAV Hlink.BO.A
    GAV Hlink.BO.B
  • CVE-2011-0105 - Excel Data Initialization Vulnerability
    GAV MS.Xsl.E_6
  • CVE-2011-0978 - Excel Array Indexing Vulnerability
    GAV MS.Xsl.E_7
  • CVE-2011-0979 - Excel Linked List Corruption Vulnerability
    GAV MS.Xsl.E_8
  • CVE-2011-0980 - Excel Dangling Pointer Vulnerability
    GAV MS.Xsl.E_4

MS11-022 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)

  • CVE-2011-0685 - Floating Point Techno-color Time Bandit RCE Vulnerability
    GAV MS.Ppt.E
  • CVE-2011-0656 - Persist Directory RCE Vulnerability
    GAV MS.Ppt.E_2
  • CVE-2011-0976 - OfficeArt Atom RCE Vulnerability
    GAV MS.Ppt.E_3

MS11-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)

  • CVE-2011-0107 - Office Component Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt
  • CVE-2011-0977 - Microsoft Office Graphic Object Dereferencing Vulnerability
    GAV MS.Xsl.E_9

MS11-024 Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)

  • CVE-2010-3974 - Fax Cover Page Editor Memory Corruption Vulnerability
    GAV MS.cov.E

MS11-025 Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)

  • CVE-2010-3190 - MFC Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt

MS11-026 Vulnerability in MHTML Could Allow Information Disclosure (2503658)

  • CVE-2011-0096 - MHTML Mime-Formatted Request Vulnerability
    IPS 6205 MHTML Protocol Handler XSS Attack Attempt 4

MS11-027 Cumulative Security Update of ActiveX Kill Bits (2508272)

  • CVE-2010-0811 - Microsoft Internet Explorer 8 Developer Tools Vulnerability
    IPS 6437 MS Windows IE8 Developer Tools ActiveX Invocation Attempt
  • CVE-2010-3973 - Microsoft WMITools ActiveX Control Vulnerability
    IPS 6434 MS Windows WMITools ActiveX Control Invocation Attempt
  • CVE-2011-1243 - Microsoft Windows Messenger ActiveX Control Vulnerability
    IPS 6433 MS Windows Live Messenger ActiveX invocation attempt

MS11-028 Vulnera
bility in .NET Framework Could Allow Remote Code Execution (2484015)

  • CVE-2010-3958 - NET Framework Stack Corruption Vulnerability
    This is a local vulnerability.

MS11-029 Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)

  • CVE-2011-0041 - GDI+ Integer Overflow Vulnerability
    GAV ms11-029.ms

MS11-030 Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)

  • CVE-2011-0657 - DNS Query Vulnerability
    There is no feasable method of detection.

MS11-031 Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)

  • CVE-2011-0663 - Scripting Memory Reallocation Vulnerability
    There is no feasable method of detection.

MS11-032 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)

  • CVE-2011-0034 - OpenType Font Stack Overflow Vulnerability
    IPS 6438 MS OpenType Font Stack Overflow Exploit

MS11-033 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)

  • CVE-2011-0028 - WordPad Converter Parsing Vulnerability
    GAV ms11-033.ms.ttextflow
    GAV ms11-033.ms.tsplit

MS11-034 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)

  • CVE-2011-0662 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0665 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0666 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0667 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0670 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0671 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0672 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0673 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0674 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0675 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0676 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0677 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1225 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1226 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1227 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1228 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1229 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1230 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1231 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1232 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1233 - Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1234 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1235 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1236 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1237 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1238 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1239 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1240 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1241 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1242 - Win32k Use After Free Vulnerability
    Local authenticated vulnerability