Back to overview

Threat intelligence

Microsoft Security Bulletin Coverage (Dec 11, 2012)

by Security News

Dell SonicWALL has analyzed and addressed Microsoft's security advisories for the month of December, 2012. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS12-077 Cumulative Security Update for Internet Explorer

  • CVE-2012-4781 InjectHTMLStream Use After Free Vulnerability
    Attack cannot be detected on the wire.
  • CVE-2012-4782 CMarkup Use After Free Vulnerability
    Attack cannot be detected on the wire.
  • CVE-2012-4787 Improper Ref Counting Use After Free Vulnerability
    IPS:9341 - Windows IE Improper Ref Counting Use After Free Exploit

MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

  • CVE-2012-2556 OpenType Font Parsing Vulnerability
    GAV:Malformed.otf.MP.8
  • CVE-2012-4786 TrueType Font Parsing Vulnerability
    No known exploits exist in the wild.

MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution

  • CVE-2012-2539 Word RTF 'listoverridecount' Remote Code Execution Vulnerability
    IPS:9342 - MS Word RTF listoverridecount Memory Corruption Exploit

MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution

  • CVE-2012-3214 Oracle Outside In Technology Vulnerability
    Local vulnerability.
  • CVE-2012-3217 Oracle Outside In Technology Vulnerability
    Local vulnerability.
  • CVE-2012-4791 RSS Feed May Cause Exchange DoS Vulnerability
    Attack cannot be detected on the wire.

MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution

  • CVE-2012-4774 Windows Filename Parsing Vulnerability
    IPS:9346 - MS Windows Filename Parsing Exploit

MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution

  • CVE-2012-1537 DirectPlay Heap Overflow Vulnerability
    IPS:9347 - Suspicious Office Document 1 IPS:9348 - Suspicious Office Document 2 IPS:9349 - Suspicious Office Document 3 IPS:9350 - Suspicious Office Document 4 IPS:9351 - Suspicious Office Document 5 IPS:9352 - Suspicious Office Document 6 IPS:9353 - Suspicious Office Document 7

MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass

  • CVE-2012-2549 Revoked Certificate Bypass Vulnerability
    Attack cannot be detected on the wire.

Share This Article

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.