Microsoft Security Bulletins Coverage
November 9, 2010
SonicWALL has analyzed and addressed Microsoft's security advisories for the month of November, 2010. A list of issues reported, along with SonicWALL coverage information follows:
MS10-087 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)- CVE-2010-3333 - RTF Stack Buffer Overflow Vulnerability
IPS 5950 Word RTF File Parsing Stack BO - CVE-2010-3334 - Office Art Drawing Records Vulnerability
IPS 5955 Office Art Drawing Records Vulnerability - CVE-2010-3335 - Drawing Exception Handling Vulnerability
IPS 5956 Malicious Excel Document 7b - CVE-2010-3336 - MSO Large SPID Read AV Vulnerability
IPS 5957 Malicious Word Document 5b
IPS 5958 Malicious Excel Document 8b - CVE-2010-3337 - Insecure Library Loading Vulnerability
IPS 5726 Possible Binary Planting Attempt
MS10-088 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
- CVE-2010-2572 - PowerPoint Parsing Buffer Overflow Vulnerability
IPS 5954 Malicious PowerPoint Document 1b - CVE-2010-2573 - PowerPoint Integer Underflow Causes Heap Corruption Vulnerability
IPS 5945 Malicious PowerPoint Document 1b
- CVE-2010-2732 - UAG Redirection Spoofing Vulnerability
Note: There is no way to differentiate malformed and legitimate traffic. - CVE-2010-2733 - UAG XSS Allows EOP Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-2734 - XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability
Note: There are no known public exploits targeting this vulnerability. - CVE-2010-3936 - XSS in Signurl.asp Vulnerability
Note: There are no known public exploits targeting this vulnerability.