Microsoft Security Bulletins Coverage

September 13, 2011

SonicWALL has analyzed and addressed Microsoft's security advisories for the month of September, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

  • CVE-2011-1984 WINS Local Elevation of Privilege Vulnerability
    Local vulnerability.

MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)

  • CVE-2011-1991 Windows Components Insecure Library Loading Vulnerability
    IPS: 5726 - Possible Binary Planting Attempt

MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

  • CVE-2011-1986 Excel Use after Free WriteAV Vulnerability
    GAV: Malformed.xls.MP.2
  • CVE-2011-1987 Excel Out of Bounds Array Indexing Vulnerability
    GAV: Malformed.xls.MP.3
  • CVE-2011-1988 Excel Heap Corruption Vulnerability
    GAV: Malformed.xls.MP.4, Malformed.xls.MP.5, Malformed.xls.MP.6
  • CVE-2011-1989 Excel Conditional Expression Parsing Vulnerability
    GAV: Malformed.xls.MP.7
  • CVE-2011-1990 Excel Out of Bounds Array Indexing Vulnerability
    GAV: Malformed.xls.MP.8

MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

  • CVE-2011-1980 Office Component Insecure Library Loading Vulnerability
    IPS: 5726 Possible Binary Planting Attempt
  • CVE-2011-1982 Office Uninitialized Object Pointer Vulnerability
    GAV: Malformed.doc.MP.3

MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

  • CVE-2011-0653 XSS in SharePoint Calendar Vulnerability
    IPS: 6753 - Generic Cross-Site Scripting (XSS) Attempt 8
  • CVE-2011-1252 HTML Sanitization Vulnerability
    IPS: 6797 MS IE toStaticHTML XSS 3
  • CVE-2011-1890 Editform Script Injection Vulnerability
    IPS: 1868 Generic Cross-Site Scripting (XSS) Attempt 21
  • CVE-2011-1891 Contact Details Reflected XSS Vulnerability
    IPS: 1849 Generic Cross-Site Scripting (XSS) Attempt 20
  • CVE-2011-1892 SharePoint Remote File Disclosure Vulnerability
    IPS: 1856 SharePoint Remote File Disclosure
  • CVE-2011-1893 SharePoint XSS Vulnerability
    IPS: 1369 Generic Cross-Site Scripting (XSS) Attempt 1, 6752 Generic Cross-Site Scripting (XSS) Attempt 7