Symantec product detections for Microsoft monthly Security Advisories - February 2011

Article:TECH152782

Created: 2011-02-07

Updated: 2012-04-09

Article URL http://www.symantec.com/docs/TECH152782

Article Type
Technical Solution

Product(s)

Show all

Languages

Show all

Problem

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.

Solution

ID and Rating	CAN/CVE ID: CVE-2010-3971 BID: 45246 Microsoft ID: MS11-003 MSKB: 2482017 Microsoft Rating: Critical
Vulnerability Type	Microsoft Internet Explorer CSS Parsing Remote Memory Corruption Vulnerability Remote Code Execution Vulnerability
Vulnerability Affects	Internet Explorer 6 and 7
Details	A previously public (Dec 8, 2010) remote code-execution vulnerability affects Internet Explorer when parsing Cascading Style Sheet (CSS) expressions. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response	Sig ID: 24026 Detected as "HTTP MSIE CSS File Memory Corruption"
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: Generic Windows Interactive Protection

ID and Rating	CAN/CVE ID: CVE-2011-0035 BID: 46157 Microsoft ID: MS11-003 MSKB: 2482017 Microsoft Rating: Critical
Vulnerability Type	Microsoft Internet Explorer CVE-2011-0035 Uninitialized Memory Remote Code Execution Vulnerability Remote Code Execution Vulnerability
Vulnerability Affects	Internet Explorer 6 and 7
Details	A remote code-execution vulnerability affects Internet Explorer due to how it handles an object that has not been properly initialized, or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS:Generic Windows Interactive Protection

ID and Rating	CAN/CVE ID: CVE-2011-0036 BID: 46158 Microsoft ID: MS11-003 MSKB: 2482017 Microsoft Rating: Critical
Vulnerability Type	Microsoft Internet Explorer CVE-2011-0036 Uninitialized Memory Remote Code Execution Vulnerability Remote Code Execution Vulnerability
Vulnerability Affects	Internet Explorer 6 and 7
Details	A remote code-execution vulnerability affects Internet Explorer due to how it handles an object that has not been properly initialized, or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: Bloodhound.Exploit.388 Sygate IDS: N/A Symantec Critical System Protection IPS:Generic Windows Interactive Protection

ID and Rating	CAN/CVE ID: CVE-2010-3970 BID: 45662 Microsoft ID: MS11-006 MSKB: 2483185 Microsoft Rating:Critical
Vulnerability Type	Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability Buffer Overflow Vulnerability
Vulnerability Affects	Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, and Windows Server 2008 for Itanium-based Systems SP2
Details	A previously public (Jan 4, 2011) remote-code execution vulnerability affects the Windows Shell graphics processor. The problem occurs in the 'CreateSizedDIBSECTION()' function of the 'shimgvw.dll' file when handling malformed thumbnails. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious thumbnail image. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV:Bloodhound.Exploit.384 Sygate IDS: N/A Symantec Critical System Protection IPS:Generic Windows Interactive Protection

ID and Rating	CAN/CVE ID: CVE-2011-0033 BID: 46106 Microsoft ID: MS11-007 MSKB: 2485376 Microsoft Rating:Critical
Vulnerability Type	Microsoft Windows OpenType Compact Font Format Remote Code Execution Vulnerability Remote Code Execution Vulnerability
Vulnerability Affects	Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems
Details	A remote code-execution vulnerability affects the OpenType Compact Font Format (CFF) driver. An attacker can exploit this issue by hosting a specially malformed OpenType font on a remote share and tricking an unsuspecting victim into navigating to it. When the font is processed, attacker-supplied code will execute in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response	Sig ID: N/A
	AV: Under review Sygate IDS: N/A Symantec Critical System Protection IPS:Generic Windows Interactive Protection

ID and Rating	CAN/CVE ID: CVE-2010-4398 BID: 45045 Microsoft ID: MS11-011 MSKB: 2393802 Microsoft Rating:Important
Vulnerability Type	Microsoft Windows User Access Control (UAC) Bypass Local Privilege Escalation Vulnerability Local Escalation of Privilege Vulnerability
Vulnerability Affects	Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems
Details	A previously public (Nov. 24, 2010) privilege-escalation vulnerability affects the 'RtlQueryRegistryValues()' API function of Microsoft Windows. A local attacker can exploit this issue to bypass User Access Control (UAC) protections and gain complete control of an affected computer.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2011-0045 BID: 46136 Microsoft ID: MS11-011 MSKB: 2393802 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows Kernel Integer Truncation Local Privilege Escalation Vulnerability Local Escalation of Privilege Vulnerability
Vulnerability Affects	Windows XP SP3
Details	A local privilege-escalation vulnerability affects Microsoft Windows due to how it allocates memory when handling user-supplied data. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete compromise of the affected computer.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2011-0092 BID: 46137 Microsoft ID: MS11-008 MSKB: 2451879 Microsoft Rating: Important
Vulnerability Type	Microsoft Visio Object Memory Corruption (CVE-2011-0092) Remote Code Execution Vulnerability Remote Code Execution Vulnerability
Vulnerability Affects	Microsoft Visio 2002 SP3, Microsoft Visio 2003 SP3, and Microsoft Visio 2007 SP2
Details	A remote code-execution vulnerability affects Visio. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted Visio file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: Generic Windows Interactive Protection

ID and Rating	CAN/CVE ID: CVE-2011-0093 BID: 46138 Microsoft ID: MS11-008 MSKB: 2451879 Microsoft Rating: Important
Vulnerability Type	Microsoft Visio Data Type Memory Corruption (CVE-2011-0093) Remote Code Execution Vulnerability Remote Code Execution Vulnerability
Vulnerability Affects	Microsoft Visio 2002 SP3, Microsoft Visio 2003 SP3, and Microsoft Visio 2007 SP2
Details	A remote code-execution vulnerability affects Visio when parsing certain structures. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted Visio file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: Generic Windows Interactive Protection

ID and Rating	CAN/CVE ID: CVE-2011-0031 BID: 46139 Microsoft ID: MS11-009 MSKB: 2475792 Microsoft Rating: Important
Vulnerability Type	Microsoft VBScript and JScript Scripting Engines CVE-2011-0031 Information Disclosure Vulnerability Information Disclosure Vulnerability
Vulnerability Affects	Jscript 5.8 and VBScript 5.8
Details	A remote information-disclosure vulnerability affects the JScript and VBScript scripting engines due to a memory corruption error. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit may result in the disclosure of potentially sensitive information. Information obtained may aid in further attacks.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: Bloodhound.Exploit.387 Sygate IDS: N/A Symantec Critical System Protection IPS: Generic Windows Interactive Protection

ID and Rating	CAN/CVE ID: CVE-2011-0030 BID: 46142 Microsoft ID: MS11-010 MSKB: 2476687 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows CSRSS (CVE-2011-0030) Local Privilege Escalation Vulnerability Local Escalation of Privilege Vulnerability
Vulnerability Affects	Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
Details	A local privilege-escalation vulnerability affects the Client/Server Run-time Subsystem (CSRSS). An attacker can exploit this issue to deploy eavesdropping software to listen to subsequent logins and the interactions of those users. Information obtained may aid in further attacks.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: Windows System Startup Process Protection

ID and Rating	CAN/CVE ID: CVE-2011-0040 BID: 46145 Microsoft ID: MS11-005 MSKB: 2478953 Microsoft Rating: Important
Vulnerability Type	Microsoft Active Directory Service Principal Names (CVE-2011-0040) Denial Of Service Vulnerability Denial Of Service Vulnerability
Vulnerability Affects	Active Directory
Details	A denial-of-service vulnerability affects Active Directory when handling service principal (SPN) names. An attacker can exploit this issue by sending specially crafted packets to the affected server. A successful exploit may cause name collisions in the domain, or possible cause the affected server to become unresponsive.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2011-0039 BID: 46152 Microsoft ID: MS11-014 MSKB: 2478960 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows LSASS Length Validation Local Privilege Escalation Vulnerability Local Escalation of Privilege Vulnerability
Vulnerability Affects	Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, and Windows Server 2003 with SP2 for Itanium-based Systems
Details	A local privilege-escalation vulnerability affects the Local Security Subsystem Authentication Service (LSASS) when handling certain authentication requests. A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. This may facilitate complete compromise of the affected computer.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: Windows System Startup Process Protection

ID and Rating	CAN/CVE ID: CVE-2011-0086 BID: 46141 Microsoft ID: MS11-012 MSKB: 2479628 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0086) Local Privilege Escalation Vulnerability Local Escalation of Privilege Vulnerability
Vulnerability Affects	Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
Details	A local privilege-escalation vulnerability affects Windows kernel-mode drivers when validating data supplied from user-mode to kernel-mode. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete compromise of the affected computer.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2011-0087 BID: 46148 Microsoft ID: MS11-012 MSKB: 2479628 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0087) Local Privilege Escalation Vulnerability Local Escalation of Privilege Vulnerability
Vulnerability Affects	Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2
Details	A local privilege-escalation vulnerability affects Windows kernel-mode drivers when validating data supplied from user-mode to kernel-mode. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete compromise of the affected computer.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2011-0088 BID: 46147 Microsoft ID: MS11-012 MSKB: 2479628 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0088) Local Privilege Escalation Vulnerability Local Escalation of Privilege Vulnerability
Vulnerability Affects	Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
Details	A local privilege-escalation vulnerability affects Windows kernel-mode drivers when validating data supplied from user-mode to kernel-mode. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete compromise of the affected computer
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2011-0089 BID: 46149 Microsoft ID: MS11-012 MSKB: 2479628 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows Kernel 'Win32k.sys' Pointer Validation Local Privilege Escalation Vulnerability Local Escalation of Privilege Vulnerability
Vulnerability Affects	Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
Details	A local privilege-escalation vulnerability affects Windows kernel-mode drivers when validating data supplied from user-mode to kernel-mode. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete compromise of the affected computer.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2011-0090 BID: 46150 Microsoft ID: MS11-012 MSKB: 2479628 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0090) Local Privilege Escalation Local Escalation of Privilege Vulnerability
Vulnerability Affects	Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP1 and SP2, Windows Vista x64 Edition SP1 and SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
Details	A local privilege-escalation vulnerability affects Windows kernel-mode drivers when validating data supplied from user-mode to kernel-mode. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete compromise of the affected computer.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2010-3972 BID: 45542 Microsoft ID: MS11-004 MSKB: 2489256 Microsoft Rating: Important
Vulnerability Type	Microsoft IIS FTP Service Remote Buffer Overflow Vulnerability Remote Buffer Overflow Vulnerability
Vulnerability Affects	Microsoft FTP Service 7.0 for IIS 7.0, Microsoft FTP Service 7.5 for IIS 7.0, and Internet Information Services 7.5
Details	A previously public (Dec 21, 2010) buffer-overflow vulnerability affects the Internet Information Service FTP service. The problem occurs in the 'TELNET_STREAM_CONTEXT::OnSendData()' function of the 'ftpsvc.dll' library when processing certain FTP commands. A remote attacker can exploit this issue to execute arbitrary code in the context of the affected application.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: IIS Protection

ID and Rating	CAN/CVE ID: CVE-2011-0043 BID: 46130 Microsoft ID: MS11-013 MSKB:2496930 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows Kerberos Unkeyed Checksum Local Privilege Escalation Vulnerability Local Escalation of Privilege Vulnerability
Vulnerability Affects	Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems
Details	A remote spoofing vulnerability affects the Microsoft Windows implementation of Kerberos because it does not properly enforce a stronger encryption standard. A man-in-the-middle attacker can potentially exploit this issue to downgrade the encryption on traffic, enabling them to read it. Information obtained may aid in further attacks.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2011-0091 BID: 46140 Microsoft ID: MS11-013 MSKB:2496930 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows Kerberos Encryption Standard Spoofing Vulnerability
Vulnerability Affects	Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems
Details	A remote spoofing vulnerability affects the Microsoft Windows implementation of Kerberos because it does not properly enforce a stronger encryption standard. A man-in-the-middle attacker can potentially exploit this issue to downgrade the encryption on traffic, enabling them to read it. Information obtained may aid in further attacks.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2011-0038 BID: 46159 Microsoft ID: MS11-003 MSKB: 2482017 Microsoft Rating: Moderate
Vulnerability Type	Microsoft Internet Explorer DLL Loading Arbitrary Code Execution Vulnerability Remote Code Execution Vulnerability
Vulnerability Affects	Internet Explorer 6, 7, and 8
Details	A remote code-execution vulnerability affects Internet Explorer due to how it loads DLL files. An attacker can exploit this issue by tricking an unsuspecting victim into opening an HTML file from a remote WebDAV or SMB share. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response	Sig ID: Under review
Other Detections	AV: Under review Sygate IDS: N/A Symantec Critical System Protection IPS: Generic Windows Interactive Protection

Article URL http://www.symantec.com/docs/TECH152782

Symantec product detections for Microsoft monthly Security Advisories - February 2011

Problem

Solution

Please Sign In

Knowledge Base Search

Knowledge Base Search

MySymantec

MySymantec

Contacting Support

Contacting Support