Microsoft Security Bulletins Coverage (Oct 12, 2010)

SonicWALL has analyzed and addressed Microsoft's security advisories for the month of October, 2010. A list of issues reported, along with SonicWALL coverage information follows:

MS10-071 Cumulative Security Update for Internet Explorer (2360131)

• CVE-2010-0808 - AutoComplete Information Disclosure Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3243 - HTML Sanitization Vulnerability
  IPS 5844 MS IE XSS Vulnerability Exploit
• CVE-2010-3324 - HTML Sanitization Vulnerability
  IPS 4149 MS IE toStaticHTML Method Invocation
• CVE-2010-3325 - CSS Special Character Information Disclosure Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3326- Uninitialized Memory Corruption Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3327 - Anchor Element Information Disclosure Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3328- Uninitialized Memory Corruption Vulnerability
  Note: Detection would require a logical analysis or traversal of a file. It is not feasible.
• CVE-2010-3329- Uninitialized Memory Corruption Vulnerability
  IPS 5836MS IE Uninitialized Memory Corruption Vulnerability 2 (MS10-071)
• CVE-2010-3330- Cross-Domain Information Disclosure Vulnerability
  Note: Detection would require a logical analysis or traversal of a file. It is not feasible.
• CVE-2010-3331- Uninitialized Memory Corruption Vulnerability
  IPS 5835MS IE Uninitialized Memory Corruption Vulnerability (MS10-071)

MS10-072 Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)

• CVE-2010-3243- HTML Sanitization Vulnerability
  Note: Please refer to MS10-071
• CVE-2010-3324- HTML Sanitization Vulnerability
  Note: Please refer to MS10-071

MS10-073 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)

• CVE-2010-2549- Win32K Reference Count Vulnerability
  Note: Local elevation of privilege
• CVE-2010-2743- Win32K Keyboard Layout Vulnerability
  Note: Local elevation of privilege
• CVE-2010-2744- Win32k Window Class Vulnerability
  Note: Local elevation of privilege

MS10-074 Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)

• CVE-2010-3227- Windows MFC Document Title Updating Buffer Overflow Vulnerability
  Note: There are no known public exploits targeting this vulnerability.

MS10-075 Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)

• CVE-2010-3225- RTSP Use After Free Vulnerability
  IPS 5845 Microsoft Windows Media Player Code Execution Exploit

MS10-076 Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)

• CVE-2010-1883- Embedded OpenType Font Integer Overflow Vulnerability
  IPS 5837 Malicious Font File Download 5b

MS10-077Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)

• CVE-2010-3228- .NET Framework x64 JIT Compiler Vulnerability
  Note: There is no way to differentiate malformed and legitimate traffic.

MS10-078 Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)

• CVE-2010-2740- OpenType Font Parsing Vulnerability
  IPS 5831 Malicious Font File Download 3b
• CVE-2010-2741- OpenType Font Validation Vulnerability
  IPS 5832 Malicious Font File Download 4b

MS10-079Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)

• CVE-2010-2747- Word Uninitialized Pointer Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-2748- Word Boundary Check Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-2750- Word Index Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3214- Word Stack Overflow Vulnerability
  IPS 5833Malicious Word Document 3b
• CVE-2010-3215- Word Return Value Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3216- Word Bookmarks Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3217- Word Pointer Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3218- Word Heap Overflow Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3219- Word Index Parsing Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3220- Word Parsing Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3221- Word Parsing Vulnerability
  Note: There are no known public exploits targeting this vulnerability.

MS10-080 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)

• CVE-2010-3230- Excel Record Parsing Integer Overflow Vulnerability
  IPS 5840Malicious Excel Document 6b
• CVE-2010-3231- Excel Record Parsing Memory Corruption Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3232- Excel File Format Parsing Vulnerability
  IPS 5839Malicious Excel Document 5b
• CVE-2010-3233- Lotus 1-2-3 Workbook Parsing Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3234- Formula Substream Memory Corruption Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3235- Formula Biff Record Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3236- Out Of Bounds Array Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3237- Merge Cell Record Pointer Vulnerability
  IPS 5834Malicious Excel Document 3b
• CVE-2010-3238- Negative Future Function Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3239- Extra Out of Boundary Record Parsing Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3240- Real Time Data Array Record Vulnerability
  IPS 5838Malicious Excel Document 4b
• CVE-2010-3241- Out-of-Bounds Memory Write in Parsing Vulnerability
  Note: There are no known public exploits targeting this vulnerability.
• CVE-2010-3242- Ghost Record Type Parsing Vulnerability
  Note: There are no known public exploits targeting this vulnerability.

MS10-081 Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)

• CVE-2010-2746- Comctl32 Heap Overflow Vulnerability
  Note: There are no known public exploits targeting this vulnerability.

MS10-082 Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)

• CVE-2010-2745- Windows Media Player Memory Corruption Vulnerability
  Note: There are no known public exploits targeting this vulnerability.

MS10-083 Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)

• CVE-2010-1263- COM Validation Vulnerability
  Note: This is a platform design-level issue. The detection logic varies in different ActiveX control.

MS10-084 Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)

• CVE-2010-3222- LPC Message Buffer Overrun Vulnerability
  Note: This is a Local elevation of privilege.

MS10-085 Vulnerability in SChannel Could Allow Denial of Service (2207566)

• CVE-2010-3229- TLSv1 Denial of Service Vulnerability
  IPS 5846MS IIS 7.0 Denial of Service Attempt

MS10-086 Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)

• CVE-2010-3223- Permissions on New Cluster Disks Vulnerability
  Note: There is no way to differentiate malformed and legitimate traffic.