BJK Research

The BugBlog

The BugBlog is a daily look at computer bugs, incompatibilities, and other things that can go wrong with your computer.

The BugBlog is free, but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All of the current month's bugs are here. Use the links on the left to jump back to past months, or use the search form.

6/28/2007 Apple Patches Cross-Site Scripting Bug

A bug in the WebCore for Apple Mac OS X 10.3.9 and 10.4.9 may allow a website to launch a cross-site scripting attack, tricking you into revealing personal data to the wrong website. Apple has fixed this in the 2007-006 Security Update. Read more about it at http://docs.info.apple.com/article.html?artnum=305759. Apple credits Richard Moore of Westpoint Ltd. for finding this bug.

6/27/2007 How To Crash Vista

Information Week tells us a sure-fire way to crash Windows Vista -- hold down the Windows key and the E key together for ten seconds. Read about it at http://www.informationweek.com/blog/main/archives/2007/06/how_to_crash_wi.html. Not having a Vista machine, I can't test it. There's also a link to an article on crash recovery techniques.

If you've been wondering where the BugBlog has been -- a combination of some hardware problems that caused a bunch of platform and software shuffling, some unexpected personal travel, and an influx of high-paying work have all intervened in a perfect storm. That storm is slowly abating (although the high-paying work is still around.)

6/22/2007 System Restore Changed in Vista

According to Microsoft, because of the way the Trusted Installer has changed in Windows Vista, third-party System Restore tools probably won't work correctly in Windows Vista. You won't end up with a completely restored system. Microsoft has a hotfix for this, which will be in a future service pack. Need the fix right away? See http://support.microsoft.com/kb/935606/.

6/21/2007 Mac OS X 10.4.10 Fixes USB Bugs

Apple has included a number of USB fixes in their OS X 10.4.10 update. The IR remote controller should now work better after waking the computer from sleep; external USB drives should be more stable when mounted; and the bug that kept the TomTom GO 910 from being recognized is fixed.

6/20/2007 RealNetworks ActiveX Bug

If you play games at RealNetworks GameHouse website, you use an ActiveX control called dldisplay. There are multiple bugs in this control that may allow a remote user, by constructing a booby-trapped website, to run hostile code on your computer. There is no fix yet, other than disabling the ActiveX control. The bug was found by Will Dormann of US CERT. They show how to disable the control at http://www.kb.cert.org/vuls/id/179105.

6/19/2007 Vertical Fonts, Postscript Printing, and Vista

The three things in the title -- vertical fonts, Postscript, and Windows Vista -- don't go together. If you mix a regular font and a vertical font (typically an Asian font whose name starts with the @ sign) and try to print to a Postscript printer from Vista, the printing won't be correct. If you do this often, you may want to get the hotfix that Microsoft discusses at http://support.microsoft.com/kb/937018.

Today's BugBlog Plus has five more bugs and fixes for Apple, Cerulean, Google, and Microsoft.

6/18/2007 Safari for Windows is Beta

Just to point out the obvious -- the recently-released Apple Safari for Windows is still a beta product. Beta products are supposed to have bugs. In this case, Symantec (and others) point out that Safari for Windows is vulnerable to a number of well-known browser exploits, including denial of service and remote code exploits. Read more at http://www.symantec.com/enterprise/security_response/weblog/2007/06/vulnerabilities_for_safari_on.html.

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, Microsoft and Sun Microsystems.

6/17/2007 Vista USB Telephony Bug

Connect a USB telephony device to a Windows Vista computer, and Vista may decide to make it the default audio device. That should play havoc with audio/visual applications. Microsoft says this is because Vista sees that the device has audio capabilities, but doesn't determine the correct kind. There is a hotfix for this, which will be in a future service pack. If you need it right away, see http://support.microsoft.com/kb/936004.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, and Microsoft.

6/16/2007 Red Hat Patches the Kernel

Red Hat has patched the kernel for Red Hat Enterprise Linux 5. This fixes a number of bugs that may have allowed: denial of service attacks from local users via mount handling; denial of service attacks from remote users via PPP over Ethernet; information leaks to local users via Bluetooth. See all the bugs that are fixed, and get the patch, at https://rhn.redhat.com/errata/RHSA-2007-0376.html.

Today's BugBlog Plus has five more bugs and fixes for Adobe and Microsoft.

6/14/2007 OpenOffice RTF Bug

There is a bug in the way that OpenOffice handles RTF (Rich Text Format) documents. An attacker can design an RTF document that, when launched in OpenOffice 2.2 or earlier, runs hostile code on the computer. This has been fixed in OpenOffice 2.2.1, which you can get at http://www.openoffice.org/. John Heasman of NGSSoftware found this bug.

6/13/2007 8192 Is An Unlucky Number for Dreamweaver

According to the Adobe Dreamweaver CS3 for Windows Read Me, if you create a CSS (Cascading Style Sheet) file in Dreamweaver that is exactly 8192 bytes, or some multiple of 8192, in size, then Dreamweaver will crash. It also won't restart until you change the size of that stylesheet. Luckily, you don't have to use Dreamweaver -- any text editor, including Windows Notepad, will do. Open the file there, and add or subtract a few characters or comments.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, IBM, Microsoft, and Sun Microsystems.

6/12/2007 Critical Mail Bug in Windows Vista

There is a bug in the Windows Mail application within Windows Vista that an attacker can use to take complete control of the system. The bug is in the way Windows Mail deals with UNC navigation requests. Because of the scope of the damage, which can be triggered by reading an email, Microsoft considers this a critical update. Microsoft has patch information at http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx. In the meantime, reading mail as plain text can serve as a workaround.

Today's BugBlog Plus has five more bugs and fixes for Microsoft's Patch Tuesday.

6/11/2007 Bad Bunny Attack Via OpenOffice

SB.Badbunny is a virus that works via macros in OpenOffice documents, spreading itself via IRC (Internet Relay Chat). The virus is cross-platform, for Symantec reports that it can attack via OpenOffice in Windows, Linux, and Mac OS X computers. The virus also uses Ruby, Javascript, Python and Perl, but there are enough bugs in the scripts that BadBunny doesn't hop to other computers very well. Read more at http://www.symantec.com/enterprise/security_response/weblog/2007/06/bad_bunny.html.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Linux, Microsoft, Red Hat, TI, and Symantec.

6/8/2007 Another Vista Activation Problem

Try to activate Windows Vista, and you may see this error message:
Activation Error: Code 0x8007232b DNS Name does not exist
Microsoft says this error would tend to occur if volume-licensed media was used to install Windows Vista, and not an ordinary retail purchase and upgrade. There are three workarounds: set up a Key Management Service server; use a Multiple Activation Key (MAK); or use a license key. See the details at http://support.microsoft.com/kb/938107.

6/7/2007 ActiveX Bugs in Yahoo! Messenger

There are two bugs in the Yahoo! Messenger that may allow attackers to take complete control of your system. The bugs are in ActiveX controls -- one in the Yahoo! Webcam Upload (ywcupl.dll) ActiveX control, and the other in the Yahoo! Webcam Viewer. See more at http://secunia.com/advisories/25547/. Credit for finding these bugs goes to Danny.

6/6/2007 Vista Desktop Bug

Switching from the secure desktop in Windows Vista to the unsecured desktop may trigger this Stop error message:
Stop 0x00000001 (0x00000000, 0x7ffdc000, 0x0000ffff, 0x00000000)
where the first, second, and fourth numbers in parentheses may have different values. This will happen if you are using the Windows Aero color scheme, and you entered your logon credential to unlock the secure desktop. Microsoft says that an event hook must also be running to trigger the bug, which is in Win32k.sys. They have a hotfix, which will be in a future service pack. If you can't wait for the fix, see http://support.microsoft.com/kb/935936 for information on getting it right away.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, CA and Microsoft.

6/5/2007 Vista Diagnostic Mode Activation Problem

If you start a Windows Vista computer in diagnostic startup mode, you may be prompted to activate your copy of Windows Vista. This will happen even if you've done this before. If you don't comply, Microsoft considers you a pirate (arghh!) and will switch Vista into reduced functionality mode. Given that you are probably using diagnostic mode because of a problem, this is about the last thing you want to deal with. It happens because Windows Licensing depends on Plug and Play, which is disabled when you use diagnostic startup mode. It appears that Microsoft realizes how brainless this is, because they have a hotfix for it. Either wait for a future service pack, or go to http://support.microsoft.com/kb/937426 for the fix.

Today's BugBlog Plus has five more bugs and fixes for Apple, Ebooks, Lotus, Microsoft, and Mozilla.

6/4/2007 Thunderbird Password Problems

Mozilla says there is a bug in the way that Thunderbird handles APOP authentication. Because of this, attackers may be able to interpose a malicious mail server between you and your real server, and use it to steal your password. Depending on how your authentication system is set up, it may take some programming skill to steal the password. This has been fixed in Thunderbird 2.0.0.4 and 1.5.0.12. Mozilla credits Gaëtan Leurent for finding this bug.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, and Symantec.

5/31/2007 Mozilla Fixes Some Layout Engine Bugs

Mozilla released the Firefox 2.0.0.4 and Firefox 1.5.0.12 updates, to fix a number of bugs in the layout engine. Some of these bugs could crash Firefox and corrupt memory, which means they could be exploited as a means of installing malware. Mozilla credits Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay for finding these bugs. You can get the update via the Mozilla update function (Help, Check for Updates) if you haven't gotten notified automatically.

5/30/2007 Flash Player Sound Card Problems

Adobe Flash Player 9.0.45.0 for Windows may have compatibility problems with some sound cards. According to Adobe, the drivers for some Realtek and SoundMax cards may not support WaveOut, which will lead to audio problems. There is no workaround from Adobe -- you'll probably have to wait for a driver update.

 


Copyright 2003-2007 BJK Research LLC

 

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.


BugBlog archives:

May 07
April 07
March 07
Vista Special Report
February 07
January 2007
December 06
November 06
October 06
September 06
August 06
July 06
June 06
May 06
April 06
March 06
February 06
January 06

See the Site Map for BugBlog archives back to 2002