Symantec product detections for Microsoft monthly Security Advisories - December 2011

Article:TECH176732  |  Created: 2011-12-12  |  Updated: 2012-07-09  |  Article URL http://www.symantec.com/docs/TECH176732
Article Type: Technical Solution

Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



ID and Rating CAN/CVE ID: CVE-2011-3402
BID: 50462
Microsoft ID: MS11-087
MSKB: 2639417
Microsoft Rating: Critical
Vulnerability Type Microsoft Windows 'Win32k.sys' TrueType Font Handling Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details
  • A previously public (Nov 1, 2011) remote code-execution vulnerability affects Windows kernel-mode drivers when handling specially crafted TrueType fonts.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file, or viewing a malicious web page.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the kernel. This may facilitate a complete system compromise.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: Bloodhound.Exploit.437
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
ID and Rating CAN/CVE ID: CVE-2011-1983
BID: 50956
Microsoft ID: MS11-089
MSKB: 2590602
Microsoft Rating: Critical
Vulnerability Type Microsoft Word Access Violation Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects Microsoft Office 2007 SP2, Office 2007 SP3, Office 2010, Office 2010 SP1 (32-bit editions), Office 2010, Microsoft Office 2010 SP1 (64-bit editions), and Microsoft Office for Mac 2011
Details
  • A remote code-execution vulnerability affects Word when handling specially crafted Word files.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: Bloodhound.Exploit.444
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-3397
BID: 50970
Microsoft ID: MS11-090
MSKB: 2618451
Microsoft Rating: Critical
Vulnerability Type Microsoft Windows Time Component Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details
  • A remote code-execution vulnerability affects the Microsoft Time ActiveX control.
  • An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response Sig ID: 25018, detected as "Web Attack: Internet Explorer CVE-2011-3397"
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-3410
BID: 50943
Microsoft ID: MS11-091
MSKB: 2607702
Microsoft Rating: Critical
 Vulnerability Type Microsoft Publisher Out of Bound Array Index Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Microsoft Publisher 2003 SP3, 2007 SP2 and 2007 SP3
 Details
  • A remote code-execution vulnerability affects Publisher when handling a specially crafted file.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious ‘.pub’ file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: Under review
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-3401
BID: 50957
Microsoft ID: MS11-092
MSKB: 2648048
Microsoft Rating: Critical
Vulnerability Type Microsoft Windows Media Player '.dvr-ms' Files CVE-2011-3401 Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Windows XP Media Center Edition 2005 SP3, Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, and Windows 7 for x64-based Systems SP1
 Details
  • A remote code-execution vulnerability affects Media Player and Media Center due to how they handle ‘.dvr-ms’ files.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malformed file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code with system-level privileges. This may facilitate a complete system compromise.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: Bloodhound.Exploit.445
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP2: Generic Windows Service Protection

 

ID and Rating CAN/CVE ID: CVE-2011-2010
BID: 50950
Microsoft ID: MS11-088
MSKB: 2652016
Microsoft Rating: Important
 Vulnerability Type Microsoft Pinyin IME (CVE-2011-2010) Local Privilege Escalation Vulnerability
Escalation of Privilege Vulnerability
 Vulnerability Affects Microsoft Pinyin IME 2010 (32-bit editions), Microsoft Pinyin IME 2010 (64-bit editions), Microsoft Office Pinyin SimpleFast Style 2010, Microsoft Office Pinyin New Experience Style 2010 (32-bit versions), Microsoft Office Pinyin SimpleFast Style 2010, and Microsoft Office Pinyin New Experience Style 2010 (64-bit versions)
 Details
  • A local privilege-escalation vulnerability affects Microsoft Office IME because of how it exposes configuration options.
  • A local attacker may be able to exploit this issue to execute arbitrary code with kernel-level privileges.
  • This may facilitate a complete system compromise.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
ID and Rating CAN/CVE ID: CVE-2011-3411
BID: 50949
Microsoft ID: MS11-091
MSKB: 2607702
Microsoft Rating: Important
 Vulnerability Type Microsoft Publisher Invalid Pointer Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Microsoft Publisher 2003 SP3
 Details
  • A remote code-execution vulnerability affects Publisher when handling a specially crafted file.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious ‘.pub’ file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: Bloodhound.Exploit.447
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-3412
BID: 50955
Microsoft ID: MS11-091
MSKB: 2607702
Microsoft Rating: Important
 Vulnerability Type Microsoft Publisher (CVE-2011-3412) Remote Memory Corruption Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Microsoft Publisher 2003 SP3, 2007 SP2 and 2007 SP3
 Details
  • A remote code-execution vulnerability affects Publisher when handling a specially crafted file.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious ‘.pub’ file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-3400
BID: 50977
Microsoft ID: MS11-093
MSKB: 2624667
Microsoft Rating: Important
 Vulnerability Type Microsoft Windows OLE Property CVE-2011-3400 Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Microsoft Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1, Windows Server 2003 x64 Edition, Windows Server 2003 with SP1 for Itanium-based Systems
 Details
  • A remote code-execution vulnerability affects Object Linking and Embedding (OLE) due to improper handling of OLE objects.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted OLE object.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: Bloodhound.Exploit.443
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-3396
BID: 50967
Microsoft ID: MS11-094
MSKB: 2639142
Microsoft Rating: Important
 Vulnerability Type Microsoft PowerPoint DLL Loading Arbitrary Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Microsoft PowerPoint 2007 SP2 and 2010
 Details
  • A remote code-execution vulnerability affects PowerPoint due to how it loads DLL files.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a file associated with the application from a remote WebDAV or SMB share.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-3413
BID: 50964
Microsoft ID: MS11-094
MSKB: 2639142
Microsoft Rating: Important
 Vulnerability Type Microsoft PowerPoint OfficeArt CVE-2011-3413 Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Microsoft PowerPoint 2007 SP2, 2007 SP3, Microsoft Office 2008 for Mac, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2, and Microsoft PowerPoint Viewer 2007 SP2
 Details
  • A remote code-execution vulnerability affects PowerPoint when handling specially malformed files.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malformed PowerPoint file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-3406
BID: 50959
Microsoft ID: MS11-095
MSKB: 2640045
Microsoft Rating: Important
 Vulnerability Type Microsoft Active Directory CVE-2011-3406 Buffer Overflow Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Active Directory, Active Directory Application Mode, Active Directory Lightweight Directory Service
 Details
  • A remote code-execution vulnerability affects Active Directory when accessing a memory buffer that has not been properly initialized.
  • An authenticated attacker may be able to exploit this issue to execute arbitrary code in the context of the affected application.
  • This may facilitate a complete system compromise.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP4: Windows System Startup Process Protection

 

ID and Rating CAN/CVE ID: CVE-2011-3403
BID: 50954
Microsoft ID: MS11-096
MSKB: 2640241
Microsoft Rating: Important
 Vulnerability Type Microsoft Excel CVE-2011-3403 Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Microsoft Excel 2003 SP3 and Microsoft Office 2004 for Mac
 Details
  • A remote code-execution vulnerability affects Excel when handling specially malformed files.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malformed Excel file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: Under review
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-3408
BID: 50972
Microsoft ID: MS11-097
MSKB: 2620712
Microsoft Rating: Important
 Vulnerability Type Microsoft Windows CSRSS CVE-2011-3408 Local Privilege Escalation Vulnerability
Escalation of Privilege Vulnerability
 Vulnerability Affects Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
 Details
  • A local privilege-escalation vulnerability affects the Client/Server Run-time Subsystem (CSRSS) when handling device event messages.
  • A local attacker may be able to exploit this issue to run arbitrary code in the context of another process.
  • This may facilitate a complete system compromise.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP2: Generic Windows Service Protection/ SCSPBP4: Windows System Startup Process Protection/ SCSPBP5: Specific Windows Service Protection
ID and Rating CAN/CVE ID: CVE-2011-2018
BID: 50969
Microsoft ID: MS11-098
MSKB: 2633171
Microsoft Rating: Important
 Vulnerability Type Microsoft Windows Kernel CVE-2011-2018 Local Privilege Escalation Vulnerability
Escalation of Privilege Vulnerability
 Vulnerability Affects Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 for 32-bit Systems SP2, Windows 7 for 32-bit Systems, and Windows 7 for 32-bit Systems SP1
 Details
  • A local privilege-escalation vulnerability affects the Windows kernel when handling an object that has not been properly initialized.
  • A local attacker may be able to exploit this issue to run arbitrary code with kernel-level privileges.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
ID and Rating CAN/CVE ID: CVE-2011-1992
BID: 50974
Microsoft ID: MS11-099
MSKB: 2618444
Microsoft Rating: Important
 Vulnerability Type Microsoft Internet Explorer XSS Filter Cross Domain Information Disclosure Vulnerability
Information Disclosure Vulnerability
 Vulnerability Affects Internet Explorer 8
 Details
  • A cross-domain information-disclosure vulnerability affects Internet Explorer.
  • An attacker can exploit this issue by tricking an unsuspecting victim into viewing a specially crafted web page.
  • A successful exploit will allow an attacker to gain access to potentially sensitive information across domains.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-2019
BID: 50975
Microsoft ID: MS11-099
MSKB: 2618444
Microsoft Rating: Important
 Vulnerability Type Microsoft Internet Explorer CVE-2011-2019 DLL Loading Arbitrary Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Internet Explorer 9
 Details
  • A remote code-execution vulnerability affects Internet Explorer because of how it loads DLL files.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a file associated with the application from a remote WebDAV or SMB share, or from the local desktop.
  • Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-3389
BID: 49778
Microsoft ID: MS11-099
MSKB: 2618444 and 2643584
Microsoft Rating: Important
 Vulnerability Type SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
Information Disclosure Vulnerability
Vulnerability Affects Internet Explorer 6, 7, 8, and 9. Affects: Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
 Details
  • A previously public (Sep 19, 2011) information disclosure vulnerability affects the SSL/TLS protocol.
  • A man-in-the-middle attacker may be able to guess the ciphertext used in encrypted traffic, allowing them to decrypt HTTPS traffic to a targeted victim.
  • The problem occurs due to the way the protocols select the initialization vector (IV) when in CBC (cipher-block chaining) mode.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A
ID and Rating CAN/CVE ID: CVE-2011-1508
BID: 50090
Microsoft ID: MS11-091
MSKB: 2607702
Microsoft Rating: Moderate
 Vulnerability Type Microsoft Publisher '.pub' File 'pubconv.dll' Memory Corruption Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
 Vulnerability Affects Microsoft Publisher 2003 SP3, 2007 SP2 and 2007 SP3
 Details
  • A previously public (Oct 12, 2011) remote code-execution vulnerability affects Publisher in the ‘pubconv.dll’ library file.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially malformed ‘.pub’ file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2011-3404
BID: 50976
Microsoft ID: MS11-099
MSKB: 2618444
Microsoft Rating: Moderate
 Vulnerability Type Microsoft Internet Explorer CVE-2011-3404 Cross Domain Information Disclosure Vulnerability
Information Disclosure Vulnerability
 Vulnerability Affects Internet Explorer 6, 7, 8, and 9
 Details
  • An information-disclosure vulnerability affects Internet Explorer due to how it renders certain web pages.
  • An attacker can exploit this issue by tricking an unsuspecting victim into viewing a specially malformed web page.
  • A successful exploit may result in the disclosure of potentially sensitive information across domains.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection

 

 



