Symantec product detections for Microsoft monthly Security Advisories - December 2012

Article ID: 157451

Products

Symantec Products

Issue/Introduction

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.

Resolution

ID and Rating
CAN/CVE ID: CVE-2012-4781
BID: 56828
Microsoft ID: MS12-077
MSKB: 2761465
Microsoft Rating: Critical
Vulnerability Type
InjectHTMLStream Use After Free Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects
Internet Explorer 9 for Windows Vista Service Pack 2
Internet Explorer 9 for Windows Vista x64 Edition Service Pack 2
Internet Explorer 9 for Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 9 for Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 9 for Windows 7 for 32-bit Systems
Internet Explorer 9 for Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 9 for Windows 7 for x64-based Systems
Internet Explorer 9 for Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 9 for Windows Server 2008 R2 for x64-based Systems
Internet Explorer 9 for Windows Server 2008 R2 for x64-based Systems Service Pack 1
Details
  • A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted.
  • The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection

ID and Rating
CAN/CVE ID: CVE-2012-4782
BID: 56829
Microsoft ID: MS12-077
MSKB: 2761465
Microsoft Rating: Critical
Vulnerability Type
CMarkup Use After Free Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects
Internet Explorer 9 for Windows Vista Service Pack 2
Internet Explorer 9 for Windows Vista x64 Edition Service Pack 2
Internet Explorer 9 for Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 9 for Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 9 for Windows 7 for 32-bit Systems
Internet Explorer 9 for Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 9 for Windows 7 for x64-based Systems
Internet Explorer 9 for Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 9 for Windows Server 2008 R2 for x64-based Systems
Internet Explorer 9 for Windows Server 2008 R2 for x64-based Systems Service Pack 1
Details
  • A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted.
  • The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection

ID and Rating
CAN/CVE ID: CVE-2012-4787
BID: 56830
Microsoft ID: MS12-077
MSKB: 2761465
Microsoft Rating: Critical
Vulnerability Type
Improper Ref Counting Use After Free Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects
Internet Explorer 9 for Windows Vista Service Pack 2
Internet Explorer 9 for Windows Vista x64 Edition Service Pack 2
Internet Explorer 9 for Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 9 for Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 9 for Windows 7 for 32-bit Systems
Internet Explorer 9 for Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 9 for Windows 7 for x64-based Systems
Internet Explorer 9 for Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 9 for Windows Server 2008 R2 for x64-based Systems
Internet Explorer 9 for Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 10 in Windows 8 for 32-bit Systems
Internet Explorer 10 in Windows 8 for 64-bit Systems
Internet Explorer 10 in Windows Server 2012
Internet Explorer 10 in Windows RT
Details
  • A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.
  • The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection

ID and Rating
CAN/CVE ID: CVE-2012-2556
BID: 56841
Microsoft ID: MS12-078
MSKB: 2783534
Microsoft Rating: Critical
Vulnerability Type
OpenType Font Parsing Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT
 Details
  • A remote code execution vulnerability exists in the way that affected components handle a specially crafted OpenType font file.
  • The vulnerability could allow remote code execution if a user opens a specially crafted OpenType font file.
  • An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating
CAN/CVE ID: CVE-2012-4786
BID: 56842
Microsoft ID: MS12-078
MSKB: 2783534
Microsoft Rating: Critical
Vulnerability Type
TrueType Font Parsing Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT
 Details
  • A remote code execution vulnerability exists in the way that affected components handle a specially crafted TrueType font file.
  • The vulnerability could allow remote code execution if a user opens a specially crafted TrueType font file.
  • An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating
CAN/CVE ID: CVE-2012-2539
BID: 56834
Microsoft ID: MS12-079
MSKB: 2780642 
Microsoft Rating: Critical
Vulnerability Type
Word RTF 'listoverridecount' Remote Code Execution
Remote Code Execution Vulnerability
Vulnerability Affects
Microsoft Word 2003 Service Pack 3
Microsoft Word 2007 Service Pack 2
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 1 (32-bit editions)
Microsoft Word 2010 Service Pack 1 (64-bit editions)
Microsoft Word Viewer
Microsoft Office Compatibility Pack Service Pack 2
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2010 Service Pack 1
 Details
  • A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted Rich Text Format (RTF) data.
  • An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection

ID and Rating
CAN/CVE ID: CVE-2012-4774
BID: 56443
Microsoft ID: MS12-081
MSKB: 2758857
Microsoft Rating: Critical
Vulnerability Type
Windows Filename Parsing Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 
 Details
  • A remote code execution vulnerability exists in the way that Microsoft Windows parses filenames.
  • The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection; [SCSPBP2] Generic Windows Service Protection; [SCSPBP4] Windows System Startup Process Protection; [SCSPBP5] Specific Windows Service Protection

ID and Rating
CAN/CVE ID: CVE-2012-4791
BID: 56836
Microsoft ID: MS12-080
MSKB: 2784126
Microsoft Rating: Critical
Vulnerability Type
RSS Feed May Cause Exchange DoS Vulnerability
Denial of Service Vulnerability
Vulnerability Affects
Microsoft Exchange Server 2007 Service Pack 3
Microsoft Exchange Server 2010 Service Pack 1
Microsoft Exchange Server 2010 Service Pack 2
 Details
  • A denial of service vulnerability exists in Microsoft Exchange Server when Exchange improperly handles RSS feeds.
  • The vulnerability could cause the Information Store service on the affected system to become unresponsive until the process is forcibly terminated.
  • This unresponsive condition could cause Exchange databases to dismount, and potentially lead to corruption of databases, affecting user mailboxes.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating
CAN/CVE ID: CVE-2012-1537
BID: 56839
Microsoft ID: MS12-082
MSKB: 2770660
Microsoft Rating: Important
Vulnerability Type
DirectPlay Heap Overflow Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects
Windows XP Service Pack 3 with DirectX 9.0*
Windows XP Professional x64 Edition Service Pack 2 with DirectX 9.0*
Windows Server 2003 Service Pack 2 with DirectX 10.0
Windows Server 2003 with SP2 for Itanium-based Systems with DirectX 10.0
Windows Server 2008 for Itanium-based Systems Service Pack 2 with DirectX 10.0
Windows Vista Service Pack 2 with DirectX 10.0
Windows Vista x64 Edition Service Pack 2 with DirectX 10.0
Windows Server 2008 for 32-bit Systems Service Pack 2 with DirectX 10.0
Windows Server 2008 for x64-based Systems Service Pack 2 with DirectX 10.0
Windows Server 2008 for Itanium-based Systems Service Pack 2 with DirectX 10.0
Windows 7 for 32-bit Systems with DirectX 11.0
Windows 7 for 32-bit Systems Service Pack 1 with DirectX 11.0
Windows 7 for x64-based Systems with DirectX 11.0
Windows 7 for x64-based Systems Service Pack 1 with DirectX 11.0
Windows Server 2008 R2 for x64-based Systems with DirectX 11.0
Windows Server 2008 R2 for x64-based Systems Service Pack 1 with DirectX 11.0
Windows Server 2008 R2 for Itanium-based Systems with DirectX 11.0
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 with DirectX 11.0
Windows 8 for 32-bit Systems with DirectX 11.1
Windows 8 for 64-bit Systems with DirectX 11.1
Windows Server 2012 with DirectX 11.1
 Details
  • A remote code execution vulnerability exists in the way that DirectPlay handles specially crafted content.
  • The vulnerability could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content.
  • An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection

ID and Rating
CAN/CVE ID: CVE-2012-2549
BID: 56840
Microsoft ID: MS12-083
MSKB: 2765809
Microsoft Rating: Important
Vulnerability Type
Revoked Certificate Bypass
Security Bypass Vulnerability
Vulnerability Affects
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2012 
 Details
  • A security feature bypass vulnerability exists in Windows due to the way the IP-HTTPS Component handles certificates.
  • An attacker who successfully exploited this vulnerability could bypass certificate validation checks.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A