Symantec product detections for Microsoft monthly Security Advisories - February 2011

Article:TECH152782  |  Created: 2011-02-07  |  Updated: 2013-07-22  |  Article URL http://www.symantec.com/docs/TECH152782
Article Type
Technical Solution

Product(s)

Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



ID and Rating CAN/CVE ID: CVE-2010-3971
BID: 45246
Microsoft ID: MS11-003
MSKB: 2482017
Microsoft Rating: Critical
Vulnerability Type  Microsoft Internet Explorer CSS Parsing Remote Memory Corruption Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects  Internet Explorer 6 and 7
Details
  •  A previously public (Dec 8, 2010) remote code-execution vulnerability affects Internet Explorer when parsing Cascading Style Sheet (CSS) expressions.
  • An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response

Sig ID: 24026
Detected as "HTTP MSIE CSS File Memory Corruption"

Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-0035
BID:
46157
Microsoft ID:
MS11-003
MSKB: 2482017
Microsoft Rating: Critical
Vulnerability Type

 Microsoft Internet Explorer CVE-2011-0035 Uninitialized Memory Remote Code Execution Vulnerability
Remote Code Execution Vulnerability

Vulnerability Affects  Internet Explorer 6 and 7
Details
  •  A remote code-execution vulnerability affects Internet Explorer due to how it handles an object that has not been properly initialized, or has been deleted.
  • An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS:
N/A
Symantec Critical System Protection IPS:
Generic Windows Interactive Protection
 ID and Rating CAN/CVE ID: CVE-2011-0036
BID:
46158
Microsoft ID:
MS11-003
MSKB:
2482017
Microsoft Rating: Critical
 Vulnerability Type

 Microsoft Internet Explorer CVE-2011-0036 Uninitialized Memory Remote Code Execution Vulnerability
Remote Code Execution Vulnerability

 Vulnerability Affects  Internet Explorer 6 and 7
 Details
  •  A remote code-execution vulnerability affects Internet Explorer due to how it handles an object that has not been properly initialized, or has been deleted.
  • An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: Bloodhound.Exploit.388
Sygate IDS:
N/A
Symantec Critical System Protection IPS:
Generic Windows Interactive Protection
 ID and Rating CAN/CVE ID: CVE-2010-3970
BID:
45662
Microsoft ID: MS11-006
MSKB: 2483185
Microsoft Rating:
Critical
 Vulnerability Type  Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability 
Buffer Overflow Vulnerability
 Vulnerability Affects Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, and Windows Server 2008 for Itanium-based Systems SP2
 Details
  • A previously public (Jan 4, 2011) remote-code execution vulnerability affects the Windows Shell graphics processor.
  • The problem occurs in the 'CreateSizedDIBSECTION()' function of the 'shimgvw.dll' file when handling malformed thumbnails. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious thumbnail image.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections

AV:Bloodhound.Exploit.384
Sygate IDS: N/A
Symantec Critical System Protection IPS:Generic Windows Interactive Protection

 ID and Rating CAN/CVE ID: CVE-2011-0033
BID:
46106
Microsoft ID: MS11-007
MSKB: 2485376
Microsoft Rating:
Critical
 Vulnerability Type  Microsoft Windows OpenType Compact Font Format Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems
 Details
  • A remote code-execution vulnerability affects the OpenType Compact Font Format (CFF) driver.
  • An attacker can exploit this issue by hosting a specially malformed OpenType font on a remote share and tricking an unsuspecting victim into navigating to it.
  • When the font is processed, attacker-supplied code will execute in the context of the currently logged-in user.
 Intrusion Protection System (IPS) Response Sig ID: N/A
  AV: Under review
Sygate IDS: N/A
Symantec Critical System Protection IPS:Generic Windows Interactive Protection
 ID and Rating CAN/CVE ID: CVE-2010-4398
BID: 45045
Microsoft ID:  MS11-011
MSKB: 2393802
Microsoft Rating:Important
 Vulnerability Type Microsoft Windows User Access Control (UAC) Bypass Local Privilege Escalation Vulnerability
Local Escalation of Privilege Vulnerability
 Vulnerability Affects  Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems
 Details
  •  A previously public (Nov. 24, 2010) privilege-escalation vulnerability affects the 'RtlQueryRegistryValues()' API function of Microsoft Windows.
  • A local attacker can exploit this issue to bypass User Access Control (UAC) protections and gain complete control of an affected computer.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
 ID and Rating CAN/CVE ID: CVE-2011-0045
BID: 46136
Microsoft ID: MS11-011
MSKB: 2393802
Microsoft Rating: Important
 Vulnerability Type  Microsoft Windows Kernel Integer Truncation Local Privilege Escalation Vulnerability
Local Escalation of Privilege Vulnerability
 Vulnerability Affects  Windows XP SP3
 Details
  •  A local privilege-escalation vulnerability affects Microsoft Windows due to how it allocates memory when handling user-supplied data.
  • A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
  • This may facilitate a complete compromise of the affected computer.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
 ID and Rating CAN/CVE ID: CVE-2011-0092
BID: 46137
Microsoft ID: MS11-008
MSKB: 2451879
Microsoft Rating: Important
 Vulnerability Type  Microsoft Visio Object Memory Corruption (CVE-2011-0092) Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Microsoft Visio 2002 SP3, Microsoft Visio 2003 SP3, and Microsoft Visio 2007 SP2
 Details
  • A remote code-execution vulnerability affects Visio.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted Visio file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-0093
BID: 46138
Microsoft ID: MS11-008
MSKB: 2451879
Microsoft Rating: Important
 Vulnerability Type  Microsoft Visio Data Type Memory Corruption (CVE-2011-0093) Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Microsoft Visio 2002 SP3, Microsoft Visio 2003 SP3, and Microsoft Visio 2007 SP2
 Details
  • A remote code-execution vulnerability affects Visio when parsing certain structures.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted Visio file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: Generic Windows Interactive Protection
 ID and Rating CAN/CVE ID: CVE-2011-0031
BID: 46139
Microsoft ID: MS11-009
MSKB: 2475792
Microsoft Rating: Important
 Vulnerability Type

 Microsoft VBScript and JScript Scripting Engines CVE-2011-0031 Information Disclosure Vulnerability 
Information Disclosure Vulnerability

 Vulnerability Affects  Jscript 5.8 and VBScript 5.8
 Details
  • A remote information-disclosure vulnerability affects the JScript and VBScript scripting engines due to a memory corruption error.
  • An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.
  • A successful exploit may result in the disclosure of potentially sensitive information. Information obtained may aid in further attacks.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections

AV: Bloodhound.Exploit.387
Sygate IDS: N/A
Symantec Critical System Protection IPS: Generic Windows Interactive Protection

 ID and Rating CAN/CVE ID: CVE-2011-0030
BID: 46142
Microsoft ID: MS11-010
MSKB: 2476687
Microsoft Rating: Important
 Vulnerability Type Microsoft Windows CSRSS (CVE-2011-0030) Local Privilege Escalation Vulnerability
Local Escalation of Privilege Vulnerability
 Vulnerability Affects  Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
 Details
  • A local privilege-escalation vulnerability affects the Client/Server Run-time Subsystem (CSRSS).
  • An attacker can exploit this issue to deploy eavesdropping software to listen to subsequent logins and the interactions of those users. Information obtained may aid in further attacks.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: Windows System Startup Process Protection
 ID and Rating CAN/CVE ID: CVE-2011-0040
BID: 46145
Microsoft ID: MS11-005
MSKB: 2478953
Microsoft Rating: Important
Vulnerability Type  Microsoft Active Directory Service Principal Names (CVE-2011-0040) Denial Of Service Vulnerability
Denial Of Service Vulnerability 
Vulnerability Affects  Active Directory
 Details
  • A denial-of-service vulnerability affects Active Directory when handling service principal (SPN) names.
  • An attacker can exploit this issue by sending specially crafted packets to the affected server.
  • A successful exploit may cause name collisions in the domain, or possible cause the affected server to become unresponsive.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
 ID and Rating CAN/CVE ID: CVE-2011-0039
BID:  46152
Microsoft ID: MS11-014
MSKB: 2478960
Microsoft Rating: Important
 Vulnerability Type Microsoft Windows LSASS Length Validation Local Privilege Escalation Vulnerability
Local Escalation of Privilege Vulnerability
 Vulnerability Affects Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, and Windows Server 2003 with SP2 for Itanium-based Systems
 Details
  • A local privilege-escalation vulnerability affects the Local Security Subsystem Authentication Service (LSASS) when handling certain authentication requests.
  • A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
  • This may facilitate complete compromise of the affected computer.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: Windows System Startup Process Protection
 ID and Rating CAN/CVE ID: CVE-2011-0086
BID:  46141
Microsoft ID: MS11-012
MSKB: 2479628
Microsoft Rating:
Important
 Vulnerability Type Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0086) Local Privilege Escalation Vulnerability
Local Escalation of Privilege Vulnerability
 Vulnerability Affects Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
 Details
  • A local privilege-escalation vulnerability affects Windows kernel-mode drivers when validating data supplied from user-mode to kernel-mode.
  • A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete compromise of the affected computer.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
 ID and Rating CAN/CVE ID: CVE-2011-0087
BID: 46148
Microsoft ID: MS11-012
MSKB: 2479628
Microsoft Rating:
Important
 Vulnerability Type Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0087) Local Privilege Escalation Vulnerability
Local Escalation of Privilege Vulnerability
 Vulnerability Affects Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2
 Details
  •  A local privilege-escalation vulnerability affects Windows kernel-mode drivers when validating data supplied from user-mode to kernel-mode.
  • A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
  • This may facilitate a complete compromise of the affected computer.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
ID and Rating CAN/CVE ID: CVE-2011-0088
BID: 46147
Microsoft ID: MS11-012
MSKB: 2479628
Microsoft Rating:
Important
 Vulnerability Type Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0088) Local Privilege Escalation Vulnerability
Local Escalation of Privilege Vulnerability
 Vulnerability Affects Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
 Details
  •  A local privilege-escalation vulnerability affects Windows kernel-mode drivers when validating data supplied from user-mode to kernel-mode.
  • A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
  • This may facilitate a complete compromise of the affected computer
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
 ID and Rating CAN/CVE ID: CVE-2011-0089
BID: 46149
Microsoft ID: MS11-012
MSKB: 2479628
Microsoft Rating:
Important
 Vulnerability Type Microsoft Windows Kernel 'Win32k.sys' Pointer Validation Local Privilege Escalation Vulnerability
Local Escalation of Privilege Vulnerability
 Vulnerability Affects  Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
 Details
  • A local privilege-escalation vulnerability affects Windows kernel-mode drivers when validating data supplied from user-mode to kernel-mode.
  • A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
  • This may facilitate a complete compromise of the affected computer.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
 ID and Rating

CAN/CVE ID: CVE-2011-0090
BID: 46150
Microsoft ID: MS11-012
MSKB: 2479628
Microsoft Rating:
Important

 Vulnerability Type

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0090) Local Privilege Escalation
Local Escalation of Privilege Vulnerability

 Vulnerability Affects  Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
 Details
  • A local privilege-escalation vulnerability affects Windows kernel-mode drivers when validating data supplied from user-mode to kernel-mode.
  • A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
  • This may facilitate a complete compromise of the affected computer.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
 ID and Rating CAN/CVE ID:  CVE-2010-3972
BID: 45542
Microsoft ID: MS11-004
MSKB: 2489256
Microsoft Rating: Important
 Vulnerability Type Microsoft IIS FTP Service Remote Buffer Overflow Vulnerability
Remote Buffer Overflow Vulnerability
 Vulnerability Affects  Microsoft FTP Service 7.0 for IIS 7.0, Microsoft FTP Service 7.5 for IIS 7.0, and Internet Information Services 7.5
 Details
  • A previously public (Dec 21, 2010) buffer-overflow vulnerability affects the Internet Information Service FTP service.
  • The problem occurs in the 'TELNET_STREAM_CONTEXT::OnSendData()' function of the 'ftpsvc.dll' library when processing certain FTP commands.
  • A remote attacker can exploit this issue to execute arbitrary code in the context of the affected application.
 Intrusion Protection System (IPS) Response Sig ID: N/A
 Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: IIS Protection
ID and Rating CAN/CVE ID: CVE-2011-0043
BID: 46130
Microsoft ID: MS11-013
MSKB:2496930
Microsoft Rating: Important
Vulnerability Type Microsoft Windows Kerberos Unkeyed Checksum Local Privilege Escalation Vulnerability
Local Escalation of Privilege Vulnerability
Vulnerability Affects Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems
Details
  • A remote spoofing vulnerability affects the Microsoft Windows implementation of Kerberos because it does not properly enforce a stronger encryption standard.
  • A man-in-the-middle attacker can potentially exploit this issue to downgrade the encryption on traffic, enabling them to read it.
  • Information obtained may aid in further attacks.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections

AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating CAN/CVE ID:  CVE-2011-0091
BID: 46140
Microsoft ID: MS11-013
MSKB:2496930
Microsoft Rating: Important
Vulnerability Type Microsoft Windows Kerberos Encryption Standard Spoofing Vulnerability
Vulnerability Affects  Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems
Details
  • A remote spoofing vulnerability affects the Microsoft Windows implementation of Kerberos because it does not properly enforce a stronger encryption standard.
  • A man-in-the-middle attacker can potentially exploit this issue to downgrade the encryption on traffic, enabling them to read it. Information obtained may aid in further attacks.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
ID and Rating CAN/CVE ID: CVE-2011-0038
BID: 46159
Microsoft ID: MS11-003
MSKB: 2482017
Microsoft Rating: Moderate
Vulnerability Type

Microsoft Internet Explorer DLL Loading Arbitrary Code Execution Vulnerability
  Remote Code Execution Vulnerability

Vulnerability Affects  Internet Explorer 6, 7, and 8
Details
  • A remote code-execution vulnerability affects Internet Explorer due to how it loads DLL files.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening an HTML file from a remote WebDAV or SMB share.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections

AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: Generic Windows Interactive Protection

 

 




Article URL http://www.symantec.com/docs/TECH152782


Terms of use for this information are found in Legal Notices