Microsoft Security Bulletins Coverage (Jun 15, 2011)

SonicWALL has analyzed and addressed Microsoft's security advisories for the month of June, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-037 Vulnerability in MHTML Could Allow Information Disclosure (2544893)

• MHTML Mime-Formatted Request Vulnerability - CVE-2011-1894
  IPS 6154 MHTML Protocol Handler XSS Attack 1
  IPS 6155 MHTML Protocol Handler XSS Attack 2
  IPS 6201 MHTML Protocol Handler XSS Attack 3

MS11-038 Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)

• OLE Automation Underflow Vulnerability - CVE-2011-0658
  IPS 4297 Generic Client Application Shellcode Exploit 1

MS11-039 Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)

• .NET Framework Array Offset Vulnerability - CVE-2011-0664
  This is a local vulnerability.

MS11-040 Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)

• TMG Firewall Client Memory Corruption Vulnerability - CVE-2011-1889
  There is no feasible method of detection.

MS11-041 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)

• Win32k OTF Validation Vulnerability - CVE-2011-1873
  There is no feasible method of detection.

MS11-042 Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)

• DFS Memory Corruption Vulnerability - CVE-2011-1868
  IPS 6714 Suspicious CIFS Traffic 7
• DFS Referral Response Vulnerability - CVE-2011-1869
  There is no feasible method of detection.

MS11-043 Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)

• SMB Response Parsing Vulnerability - CVE-2011-1268
  IPS 6713 Suspicious CIFS Traffic 6

MS11-044 Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)

• .NET Framework JIT Optimization Vulnerability - CVE-2011-1271
  There is no feasible method of detection.

MS11-045 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)

• Excel Insufficient Record Validation Vulnerability - CVE-2011-1272
  IPS 6707 Malicious Excel Document 11b
• Excel Improper Record Parsing Vulnerability - CVE-2011-1273
  IPS 6708 Malicious Excel Document 12b
• Excel Out of Bounds Array Access Vulnerability - CVE-2011-1274
  IPS 6709 Malicious Excel Document 13b
• Excel Memory Heap Overwrite Vulnerability - CVE-2011-1275
  IPS 6710 Malicious Excel Document 14b
• Excel Buffer Overrun Vulnerability - CVE-2011-1276
  IPS 6718 Malicious Excel Document 16b
• Excel Memory Corruption Vulnerability - CVE-2011-1277
  IPS 6719 Malicious Excel Document 17b
• Excel WriteAV Vulnerability - CVE-2011-1278
  IPS 6721 Malicious Excel Document 18b
• Excel Out of Bounds WriteAV Vulnerability - CVE-2011-1279
  IPS 6715 Malicious Excel Document 15b

MS11-046 Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)

• Ancillary Function Driver Elevation of Privilege Vulnerability - CVE-2011-1249
  This is a local vulnerability.

MS11-047 Vulnerability in Hyper-V Could Allow Denial of Service (2525835)

• VMBus Persistent DoS Vulnerability - CVE-2011-1872
  This is a local vulnerability.

MS11-048 Vulnerability in SMB Server Could Allow Denial of Service (2536275)

• SMB Request Parsing Vulnerability - CVE-2011-1267
  IPS 6712 Suspicious CIFS Traffic 5

MS11-049 Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)

• XML External Entities Resolution Vulnerability - CVE-2011-1280
  There is no feasible method of detection.

MS11-050 Cumulative Security Update for Internet Explorer (2530548)

• MIME Sniffing Information Disclosure Vulnerability - CVE-2011-1246
  There is no feasible method of detection.
• Link Properties Handling Memory Corruption Vulnerability - CVE-2011-1250
  There is no feasible method of detect
  ion.
• DOM Manipulation Memory Corruption Vulnerability - CVE-2011-1251
  IPS 6723 MS IE DOM Manipulation Memory Corruption Attack
• toStaticHTML Information Disclosure Vulnerability - CVE-2011-1252
  There is no feasible method of detection.
• Drag and Drop Memory Corruption Vulnerability - CVE-2011-1254
  IPS 6722 MS IE Drag and Drop Memory Corruption Attack
• Time Element Memory Corruption Vulnerability - CVE-2011-1255
  There is no feasible method of detection.
• DOM Modification Memory Corruption Vulnerability - CVE-2011-1256
  There is no feasible method of detection.
• Drag and Drop Information Disclosure Vulnerability - CVE-2011-1258
  There is no feasible method of detection.
• Layout Memory Corruption Vulnerability - CVE-2011-1260
  IPS 6148 Suspicious HTML BDO Tag
• Selection Object Memory Corruption Vulnerability - CVE-2011-1261
  IPS 6717 MS IE Selection Object Memory Corruption Attack
• HTTP Redirect Memory Corruption Vulnerability - CVE-2011-1262
  IPS 6716 MS IE HTTP Redirect Memory Corruption Attack

MS11-051 Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

• Active Directory Certificate Services Vulnerability - CVE-2011-1264
  IPS 1369 Generic Cross-Site Scripting (XSS) Attempt 1
  IPS 3700 Generic Cross-Site Scripting (XSS) Attempt 3
  IPS 4948 Generic Cross-Site Scripting (XSS) Attempt 4
  IPS 1380 Generic Cross-Site Scripting (XSS) Attempt 5
  IPS 1381 Generic Cross-Site Scripting (XSS) Attempt 6

MS11-052 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

• VML Memory Corruption Vulnerability - CVE-2011-1266
  IPS 6711 MS VML Memory Corruption PoC