BugBlog Home
BJK Research Home
BJK Research Home

BugBlog Plus Archives
Current month
Nov 06 by company
Nov 06 by date
Oct 06 by company
Oct 06 by date
Sep 06 by company
Sep 06 by date
Aug 06 by company
Aug 06 by date
July 06 by date
June 06 by date
May 06 by date
Apr 06 by date
Mar 06 by date
Feb 06 by date
Jan 06 by date
Jan 06 by company
Dec 05 by date
Dec 05 by company
Nov 05 by date
Oct 05 by date
Sept 05 by date
Aug 05 by date
July 05 by date
June 05 by date
June 05 by company
May 05 by date
May 05 by company
Apr 05 by date
Apr 05 by company
Mar 05 by date
Mar 05 by company
Feb 05 by date
Feb 05 by company
Jan 05 by date
Jan 05 by company
Dec 04
Dec 04 by company
Nov 04
Oct 04
Sept 04 by date
XP SP 2
Aug 04 by company
Aug 04 by date
Jul 04 by company
Jul 04 by date
June 04 by company
June 04 by date
May 04 by company
May 04 by date
Apr 04 by company
Apr 04 by date
Mar 04 by company
Mar 04 by date
Feb 04 by company
Feb 04 by date
Jan 04 by company
Jan 04 by date
Dec 03 by company
Dec 03 by date
Nov 03 by date
Nov 03 by company

 

Jump to the BugBlog archives (October 03 and earlier are public archives)

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
XP SP2
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02

 

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily

Cleve-blog

Working with Words

Gassho

Sardonic Views

Filtering Craig

Hotel Bruce

Blogcritics.org

Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.

Blogcritics

BugBlog

Adobe | Apple | ATI | Cisco | Dantz | General | HP | IBM | iD | Intel | Intuit | Ipswitch | Macromedia | Mandrake | McAfee | Microsoft | Mozilla | Novell | NVIDIA | Open BSD | Opera | Oracle | Real Networks | Red Hat | Sun Microsystems | Symantec | Trend Micro | Winamp | Yahoo | Zone Alarm

Adobe

If you are upgrading to Adobe Acrobat 7.0 or Adobe Reader 7.0, Adobe recommends that you delete any older versions, such as Acrobat 6.x. It may be possible for the two to co-exist, but you run a definite chance of falling into "DLL Hell." For a complete look at what versions of Acrobat may be able to co-operate, see http://www.adobe.com/support/techdocs/326272.html.

If you are going to create a PDF document from a Microsoft Word file, be careful if the Word doc has an image with a border, and those borders were made via Word's Borders and Shading feature. The PDF creation may be so slow that you might think that Word has locked up or crashed. You will also see a spike in CPU usage. Adobe says to get rid of the borders before you print.

A licensing problem may trip you up if you try to start Adobe Acrobat 7.0 on a Microsoft Windows Terminal Services session, or by using Citrix. Acrobat is installed on the application server. Instead of seeing Acrobat start, you may see this error message
An error has been detected with required application library and the product cannot continue. Please reinstall the application.
Adobe says that in this case, you will need to buy a volume license for Acrobat. You can find out how much this will cost at http://www.adobe.com/aboutadobe/openoptions/.

Adobe says that if you are using InDesign CS on a Mac OS X computer, you may get one of these error message
Adobe InDesign is shutting down. A serious error was detected, please restart.
or
InDesign has unexpectedly quit
Their first potential fix for this is to make sure you have updated to Mac OS X 10.2.8 or later. If you've already done that, they have a number of other potential fixes, including re-creating the InDesign preference file or deleting the adobefnt*.lst. Go to http://www.adobe.com/support/techdocs/330125.html to see the details.

Adobe says that in PageMaker 6.5-7.x, it may appear that you have lost either the page icons or the horizontal scrollbar. Actually, what may have happened is that these have gotten shoved out of view in your PageMaker window. If you Maximize the PageMaker window, you should bring them back into view. Sometimes, however, that may not work. If that's the case, you will need to quite PageMaker, rename your PageMaker preference file, and then restart PageMaker, which will re-create the preference file. However, that will cause you to lose any customization you have done.

Adobe says that if you are working with PageMaker 7.x, you may get error messages when you try to export to PDF, or use the Adobe PDF printer. The error message will be
Cannot send PostScript file to Distiller.
Adobe says to first try to save the file to a different location. In particular, they say to avoid paths or filenames that use a punctuation character. If that doesn't work, you should delete the printer style preference file. See how to do that at http://www.adobe.com/support/techdocs/328397.html.

If you are placing a TIFF or EPS graphic into Adobe PageMaker 6.5 -7.x, and that graphic has a transparency, it may not show up correctly on screen. It will be opaque onscreen, although it does print correctly and also exports to a PDF correctly. Adobe has a number of workarounds for this. The simplest may just be to rotate the graphic .01 degrees. Get all the details on the workarounds at http://www.adobe.com/support/techdocs/331220.html.

Adobe has updated Photoshop Elements 3. The new 3.0.1 update fixes a few bug, including one that was preventing you from changing to European style dates in the Photo Well. It should also be easier to download new templates. Get this update at http://www.adobe.com/support/downloads/detail.jsp?ftpID=2706.

When using Adobe Photoshop, if one of your tool cursors turns into a cross hair symbol instead of its normal symbol, like a brush or an eraser, check your Caps Lock key. If its on, it may change the cursor. If it is not that, go to File, Preferences, Display & Cursors and turn off the Painting Cursors and Other Cursors Precise Option.

Adobe says that a number of third-party programs running on a Mac OS X 10.3.4 computer may interfere with keyboard shortcuts that use the Option, Shift, or spacebar key in Illustrator CS, InDesign CS, or Photoshop CS. One of these programs is Microsoft Office 2004 for the Mac. This incompatibility will get fixed if you install Office 2004 for Mac Service Pack 1.

Adobe says that a number of third-party programs running on a Mac OS X 10.3.4 computer may interfere with keyboard shortcuts that use the Option, Shift, or spacebar key in Illustrator CS, InDesign CS, or Photoshop CS. For two of these programs, Microsoft Entourage and Kanzu Software Image Info, there is no workaround. You will need to quite these two programs before you use the Adobe products.

Adobe says that if you are using Photoshop CS, and you try to print an image description, you may crash Photoshop instead. In Windows, you will get a program error, while on a Mac OS X computer, Photoshop will crash to the desktop. Adobe says that if you want to print the image description, you should give the command File, Print with Preview; Select Show More Options, and then select Output from the drop-down menu; select another option (they suggest Labels or Registration marks) in addition to Description; then you should be able to print without an error.

Apple

Apple says that installing Fincal Cut Pro HD on a Mac OS X computer can cause compatibility problems with iMovie 3 or 4. You may not be able to use iMovie to export a movie to a DV camera over a FireWire connection. Instead, you may see this error message
Lost connection to camera.
iMovie lost the connection to the video camera. please check the connections and try again.
Apple says that you need to move two files from /Library/QuickTime/ to the Desktop. They are DesktopVideoOut.component and DVCPROHDVideoOutput.component. Then restart the computer and export the movies via iMovie. You will need to move those files back, and reboot the computer, before you use Final Cut Pro again.

Apple says that some of their SuperDrives may burn DVD-RW disks that won't be recognized by the Mac OS X DVD Player. The models that cause problems are the Pioneer DVD-RW DVR-106D and the Pioneer DVD-RW DVR-107D. Try to boot these disks, and you may see an error message
Not Permitted
Apple says that if you run into this problem, stick to DVD-R disks when making DVD-Video content.

Apple says the iPod mini (Second Generation) may not get recognized on the USB port on some older versions of Mac OS X. You should be using Mac OS X 10.2.8 or OS X 10.3.4 or later. If you aren't able to update, you won't be able to use the USB connection. However, you will still be able to use the FireWire connection.

Apple says that iLife 05 is incompatible with the original model iBooks. That includes the Blueberry, Tangerine, and Graphite colored books, as well as the FireWire versions, which are Indigo, Key Lime, and Graphite. The problem is that iLife needs a screen resolution of at least 1024 by 768. The original iBooks don't have that.

Apple says that if you have a QuickTime movie that is in the MPEG-1 muxed format, when you import it into iMovie 3, 4, or iMovie HD 5.0, only the video will show up if you play it back in iMovie or if you export it to QuickTime or iDVD. There is no workaround, other than changing the format before importing.

Apple says you should not use Windows Explorer, Disk Utility or most other third-party software to format or partition the hard drive of your iPod. The iPod needs to be formatted either using Mac OS Extended (HFS Plus) or FAT32 as the file format. Anything else and you may disable your iPod. If you manage to do this anyway, Apple says you can use the iPod Updater to restore it back to factory condition. (Doing that also wipes out all your music.)

Apple has an update for iPhoto. The new version 5.0.1 has fixes for minor bugs in book creation, importing MPEG-4 movies, and red eye problems. The automatic updater for Apple is only going to work if you have iPhoto installed in its original location. Get it at http://www.apple.com/support/downloads/iphoto501.html.

Apple says that if you are trying to use your iPod on a Windows 2000 or Windows XP computer, you may have problems getting the iPod Service to load, or it may conflict with another running service. This may give you an error message such as
iPod Service Error
or
The software required for communicating with the iPod is not installed correctly. Please reinstall iTunes to install the iPod's software.
Apple says there are four possible solutions for this. Go to http://docs.info.apple.com/article.html?artnum=93716 and start at the top of the list of fixes, and work your way down.

Apple has an update for iMovie. The new iMovie 5.01 fixes some bugs that affected the audio in PAL widescreen movies. It also fixes some incompatibilities when sharing or exporting HDV to videocamera tapes, and some incompatibilities with analog to digital converter boxes. Get the update at http://www.apple.com/support/downloads/imoviehd501update.html.

If you can't use a camera that is connected to a Mac OS X 10.3 computer, such as with iMovie or some other video application, check to see if Fast User Switching has been turned on. If it is, and some other people are logged on to their accounts, it may cause problems with the camera. Apple also says you shouldn't switch users while you are importing footage from the camera.

Apple says that you can set a Shut Down Schedule in the Energy Saver Schedule preferences in Mac OS X 10.3 or later. However, it will only work if only one user is logged on to the computer. If more than one user is logged on, the automatic shut down won't happen.

Apple says that a PowerBook G4 running Mac OS X 10.3.7 may occasionnaly wake up from a nap but to a blank screen. You won't be able to get it back into action via the keyboard, mouse, or trackpad. This has been fixed in Mac OS X 10.3.8.

Apple says that in Mac OS X 10.3.7 and earlier, some Address Book and Mail LDAP lookups to a Cisco DistributedDirector DNS server may perform rather slowly. This has been fixed, and lookups are faster with the Mac OS X 10.3.8 update.

If you are getting this message in the Mac OS X 10.2 Print Center
An error occurred while trying to add the selected printers. Error 1282
or this message in the Mac OS X 10.3 Printer Setup Utility
server-error-service-unavailable Error 1282
Apple has some fix information at http://docs.info.apple.com/article.html?artnum=107054.

Apple has a security update for their Java plug-in for Mac OS X. The update is for Java 1.4.2, and fixes a bug that may let an untrusted Java applet escalate its system privileges through JavaScript. The update isn't needed for versions before 1.4.2. You can get it at http://docs.info.apple.com/article.html?artnum=300980.

Apple says that in Mac OS X 10.3.7 and earlier, even if you have gone to your Energy Saver preferences and selected "Restart automatically after a power failure", sometimes the computer won't restart automatically. Apple says they have fixed this in the Mac OS X 10.3.8 update.

Apple says that if you are playing Blizzard World of Warcraft you may run into some problems with the Full Screen Glow video feature. This has been fixed in the Mac OS X 10.3.8 update.

There may be some compatibility problems with the Mac OS X 10.3.7 DVD player and some ATI Radeon graphics cards. The problems would show up if you are trying to play a movie on an external widescreen TV using a 16:9 aspect ration. Apple has fixed this in the Mac OS X 10.3.8 update.

If you are using the DVD Player on an Apple PowerBook G4 computer with Mac OS X 10.3.7 and earlier, you may get a screen flicker when going through the DVD menus. This is fixed in the Mac OS X 10.3.8 update.

If you are a Mac OS X 10.3.7 user, you may have noticed that networked applications such as iChat or Mail seen to take a long time to open. Apple says they have fixed this (without actually calling it a bug) in the Mac OS X 10.3.8 update.

If you are going to update to Mac OS X 10.3.8 from earlier versions, and you have a third-party FireWire drive connected to it, Apple says you should disconnect the drive before the update, and only reconnect after you have upgraded to 10.3.8. They don't say why, but in earlier Mac OS X upgrades, they said that data on the drives could get erased.

If you are using Mac OS X 10.3.7 or earlier, Apple says you may have problems getting the Active Directory plugin to bind to an Active Directory server. They say they have fixed this problem in Mac OS X 10.3.8.

Should we blame it on the aliens? Apple says that the fan on some Power Mac G5 computers may behave erratically when certain software is running. They single out the Seti@home software as one of the culprits. They also say they have fixed this in Mac OS X 10.3.8.

ATI

ATI says that if you try to play a saved Call of Duty game on a Windows XP computer with an ATI Radeon 9100 Pro IGP series graphics card, and you have your graphics options set to high, you may get some display corruption. This will happen even with the newest drivers in the ATI Catalyst 5.2 suite. There is no workaround yet.

ATI says their Catalyst 5.2 Control Center has some international problems. If you are changing language settings in the TV properties dialog, you may prevent users from correctly setting the TV Out formats in their regions. As yet, there is no workaround.

ATI has fixed a bug affecting people running the ATI Catalyst 5.1 Control Center. If you install Catalyst 5.2 on a Japanese version of Windows XP, it will get installed with the Japanese language. Earlier versions used English in the Japanese version. Also, the version number of the Catalyst Control Center will be correct in all the local language editions.

ATI says their Catalyst 5.2 update clears up some compatibility problems with 4x4 Evolution. With previous Catalyst versions, if you try to play the game on a Windows XP computer with an ATI Radeon X300/X600 series graphics card set at 1600 by 1200 with OpenGL Renderer, you might crash Windows XP. You also won't get display corruption in the game if the texture details is set to high and you have split screen rendering turned on.

ATI says their updated Catalyst 5.2 drivers fix some incompatibility problems with Maxis Sims 2. Without the update, if you play the Veronaville game on a Window XP computer with the display resolution set to 1024 by 768, and your antialias settings are 6x, you may get display corruption in the fields.

If you are running the ATI Catalyst 5.2 software, along with an ATI graphics card, going to the ATI icon in the system tray and selecting the Problem Report Wizard may not translate correctly. ATI says the wizard will not show up in the supported localized languages. For now, there is no fix.

Cisco

Cisco says that their Cisco Application and Content Networking System (ACNS) software has a bug that may make it vulnerable to a denial of service attack. Also, it may have a default password for the administrator account that may allow outsiders to get access. This software is in the Cisco 500 Series Content Engines, Cisco 7300 Series Content Engines, Cisco Content Routers 4400 series, Cisco Content Distribution Manager 4600 series, Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers. You can get update information for the bug at http://www.cisco.com/warp/public/707/cisco-sa-20050224-acnsdos.shtml. To fix the password problem, all you need is a configuration command which is also detailed on that page.

Cisco says that any of the devices using IOS and also has Border Gateway Protocol (BGP) turned on, is vulnerable to a denial of service attack. This includes IOS versions 9.x, 10.x, 11.x and 12.x.. Get fix information for your version at http://www.cisco.com/en/US/products/products_security_advisory09186a00803be7d9.shtml.

 

General

Browsers that support IDN (International Domain Name) are susceptible to a spoofing attack where your address bar will show that you are at a particular site, such as your bank, while the content shown in the browser window is from some other site, such as an identity thief. Browsers that are susceptible include Mozilla, Firefox, OmniWeb, Opera, Konqueror (and other KDE browsers), Netscape, and Apple Safari. One browser that isn't affected is Microsoft Internet Explorer, because it doesn't support IDN. However, there is a plug-in that adds the support, and also the vulnerability. The Secunia security researchers have a test to see if your browser is vulnerable, which you can see at http://secunia.com/multiple_browsers_idn_spoofing_test/. As fix information becomes available, it will be listed individually for each of the browsers.

If your email has a file attachment with a .rar file extension, be extra cautious. A story in eWeek says that virus creators are now using the .rar archive method as a way to package their viruses and get them past the anti-virus systems. The story, at http://www.eweek.com/article2/0,1759,1756636,00.asp, claims "Experts say .rar files carrying viruses have been sailing past commercial anti-virus products and finding their way into the mailboxes of users."

Smart cell phones like the T-Mobile Sidekick are really small computers, which means they can be hacked. In some way, the contents of Paris Hilton's Sidekick got posted on an Internet web site, including the phone numbers of some semi-famous people. (Since most BugBlog readers probably weren't in her address book, we are probably safe.) You can read some of the technical details at http://news.com.com//2100-7349_3-5584691.html, or check out the celebrity aspect at http://news.independent.co.uk/world/americas/story.jsp?story=613486. (I like the British description of her as "pampered hotel heiress and social flit-about.")

The instant messaging (IM) networks of America Online, ICQ, and MSN Networks have already seen ten different worm, Trojan, or virus attacks this year. One of these worms, for instance, spread over the MSN Network via a picture that showed a roast chicken with tan lines. These attacks are being tracked by Akonix Systems, according to a story at C Net at http://news.com.com/Triple+threat+IM+viruses+get+big+jump+on+2005/2100-7349_3-5575653.html.

A UK-base anti-spam organization called the SpamHaus Project warns that there is some new spam software making the rounds that may be particularly troublesome. It may be able to take over a user's computer and turn it into a "zombie" which will then send out junk mail via the user's ISP. This will make it harder for antispam groups to blacklist a mail server -- while they would have no qualms about blacklisting a particular computer that is spewing out spam, it will be much harder if that computer is a mail server belonging to Earthlink or MSN or some other ISP.

Hewlett Packard

There is a buffer overflow bug in the HP-UX FTP daemon that may allow a remote attacker to run their own code on your computer. The vulnerability is present if Debug logging is enabled. You can tell this is turned on if the the ftpd entry in the inetd.conf file has a -v flag. US CERT has information on the patches for this at http://www.kb.cert.org/vuls/id/647438.

Thanks to a tip from BugBlog reader Akbar, there is a bug in the HP iPAQ Pocket PC h6300, hx4700, and rx3000 series handhelds. When you use the HP iPAQ Backup application, with the Server Sync option on a device with the Microsoft Windows Pocket PC 2003 Operating System, you may delete all your Contacts or Calendar information. According to HP, there will be an update to the Backup application that will fix this. Find out more at
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_MH041118_CW01.

IBM

IBM says that there is a problem with Lotus Notes 6.0.4/6.5.1 where if you use the Enter key, or the smart icons for Navigate Next or Navigate Next Unread to move within an open document, it may appear that the Notes client locks up. However, if you care to wait long enough (five to fifteen minutes) the client will actually come back to life. The problem is when you are dealing with a form that calls the the LotusScript MessageBox function (or statement) in its QueryOpen or PostOpen event, and the form design contains at least one Action. For now, the only fix is to wait, or don't design forms that way.

If you design a Lotus Notes 4.x, 5.x, or 6.x database, and your view uses the ReaderNames field as a way of controlling access, you may really slow down the performance in Notes. According to IBM, the high security that comes with using ReaderNames is the problem. They have some alternative ways of handling access that may work better. See
http://www-1.ibm.com/support/docview.wss?rs=475&context=SSKTWP&dc=DB520&uid=swg21097609 for the details.

IBM says that if you are using Lotus 1-2-3 Release 9.7, the Undo command may quit working. If you upgrade to Lotus 1-2-3 Release 9.8, the Undo command will come back, but then it may disappear again. One workaround, according to IBM, is to manually copy your data, sheet by sheet, into a new 1-2-3 file.

IBM says that in the Lotus Notes 4.6x, 5.x, and 6.x client running on Windows 98, NT, or XP, if you detach an attachment and then select a shortcut folder, shortcut folder's name gets put in the filename parameter automatically, instead of the attachment's name. There is no fix yet, but as a workaround IBM essentially says "Be careful." Either type the attachment's name in directly, or avoid the shortcut and navigate right to the folder.

IBM says the feature in Lotus Organizer 6.0 that can give you driving directions (the Driving Directions SmartIcon) may not work correctly, even if you give it a valid starting and ending address. You may get this error message when you are sent to the MapQuest site
Internal Server Error: Malformed Header
They say they have fixed this in Organizer 6.1. If you haven't upgraded, you can just go right to the MapQuest site at http://www.mapquest.com/directions/main.adp to get directions.

If you are using IBM Lotus Organizer 6.0, and have set up Microsoft Outlook Express as your default email client, Organizer may crash. This will ususally happen after the amount of time you have set in the Organizer Mail and Scheduling preference, "Check my inbox every x minutes...". IBM says this has been fixed in Organizer 6.1.

iD

Security researcher Luigi Auriemma has found a bug in the Quake 3 engine. This engine is from iD Software, and powers game from iD, such as Quake 3 and Return to Castle Wolfenstein, and other third-party games. He lists Call of Duty: United Offensive, Heavy Metal: F.A.K.K.2, Star Trek Voyager: Elite Force, and Star Wars Jedi Knight: Jedi Academy as being affected. The problem is how a game server running this engine responds to big queries. This opens up a denial of service attack that can be triggered remotely. Read details about fixes and workarounds at http://aluigi.altervista.org/adv/q3infoboom-adv.txt.

Intel

Nothing this month

Macromedia

Nothing this month

Mandrake

Mandrakesoft has an updated vim package for Mandrake Linux 10.0, 10.1, Corporate Server 2.1 and 3.0. There are bugs in the scripts that come with the vim editor that create temporary files that could be exploited by an attacker. Mandrakesoft credits Javier Fernandez-Sanguino Pena with finding these bugs.

McAfee

Nothing this month

Microsoft

Microsoft has updated their MS04-035 Security Bulletin, released 10/12/2004. The update to Microsoft Exchange that is in the MS05-012 Security Bulletin, discussed in the 2/8 BugBlog Plus and at http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx, will supersede this earlier Exchange update.

Microsoft says that if you install the Cumulative Security Update for Internet Explorer that is in MS05-014, you may cause problems playing a Windows Media High Definition Video (WMV HD) DVD disks in Microsoft Windows Media Player. Microsoft says that clicking to play a chapter may not work. If you run into this problem, click the chapter and then press ENTER. If you are using the Windows XP Media Center Edition, with Windows XP Service Pack 2, you can use your remote control to select the chapter instead.

Another flaw in an ActiveX control has opened up another critical security vulnerablity for Microsoft. This control is the DHTML Editing Component, and could let a remote attacker take control of a Windows 2000, Windows XP SP1 and 2, or Windows Server 2003 computer. You can find links to the fixes for this at http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx.

As part of Microsoft's massive release of security bulletins on 2/8/2005, they have also released another cumulative security update for Internet Explorer. This one, the MS05-014 update, replaces the last two updates for IE, the MS04-038 update and the MS04-040 update. This new update fixes four new security vulnerabilities that affect Internet Explorer 5.01 through 6, on almost all versions of Windows, including Windows XP Service Pack 2. In addition to the new fixes, this also fixes all the previous problems with IE. Get this latest Critical update at http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx.

Microsoft says that their Microsoft Baseline Security Analyzer (MBSA) may have problems detecting which computers need updated with MS05-014, the Cumulative Security Update for Internet Explorer. MBSA may not work correctly with Microsoft Systems Management Server. If you use these tools, check out the information at http://support.microsoft.com/kb/867282.

Microsoft's update for OLE and COM bugs that is in MS05-012 may cause incompatibilities with the IMallocSpy debugging interface. According to Microsoft, you may end up with heap corruption after installing the security update and using the debugger. As yet, there is no workaround. You may want to keep an eye on http://support.microsoft.com/kb/873333 for further updates.

Had problems using Microsoft's MSN Messenger the past couple days? It's because Microsoft has had to make sweeping updates to prevent an "insidious" security threat from sweeping through the network and affecting PCs running MSN Messenger. As of 2/11, you will only be able to access the MSN Messenger service with version 6.2.0205 of the software (or later). Use older versions, and you will get a prompt to upgrade. According to a story in the Security Pipeline, security researchers at Core Security Technologies alerted Microsoft in August 2004 about this bug, which was fixed in a release on February 8, part of Microsoft's massive release of security bulletins. Core published a proof-of-concept on that day, which may make it easier for people to launch attacks via a buddy icon. Read the full story at http://www.securitypipeline.com/news/60400358.

Microsoft says that if you are having problems getting Microsoft Money to update stock quotes, they say it could be one of two problems that may result in the error message
Unable to Contact the Quotes Server
You may have too many invalid stock symbols. They also say that firewall software, such as Norton Personal Firewall or Zone Alarm, may be interfering. A suggestion at http://support.microsoft.com/?kbid=824895 is to temporarily lower your firewall defenses, although they warn that could be a bad idea. A better idea would be to look for other software or manually update the stock prices.

Microsoft says that the Office XP Spelling check will give incorrect spelling suggestions when you happen to type the name of the software company Autodesk. You will be told that either AutoDesk or Auto desk are correct. Microsoft has a hotfix for this, which will be in a future Office XP service pack. If you need this fix right away (if you work for Autodesk, for instance) you may want to contact Microsoft Technical Support and ask for the hotfix describe in Knowledge Base article 817834. Note that you may get charged for this call.

In Microsoft Office XP with Service Pack 3, anytime you open an Office document that adds a custom toolbar, it will increase the size of the file that holds the information on that custom toolbar. This may affect the normal.dot template or other heavily used files. Microsoft has a hotfix for this, which will be in a future Office XP service pack. If you use custom toolbars a lot, and can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 892094. Note that you may get charged for this call.

Microsoft has an update for Office 2003. This update is supposed to make Smart Tags more reliable, and Microsoft achieves this by restricting the ways that websites can be associated with the tags. To see the details and a link to the download, go to http://support.microsoft.com/?kbid=885828.

Microsoft says that Office XP Service Pack 2 and 3, as well as the individual components Word 2002 and PowerPoint 2002, plus Microsoft Project 2002, Visio 2002, and Works Suite 2002, 2003, and 2004, are all susceptible to a buffer overrun. This has been labelled a Critical Update by Microsoft. A remote attacker could, if they can get a user to open an Office document via Microosft Internet Explorer or via an email link, take complete control of the computer system, at the level that the user is logged on. This won't affect you if Microsoft ISA 2004 is your web proxy. For everyone else, go to http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx for links to download the appropriate patches. Microsoft credits Rafel Ivgi from Finjan Software Ltd for finding this bug.

Microsoft says that installing the MS05-005 Security Update for Microsoft Office XP may cause some confusion. If you verify the version of Ietag.dll, the version number reported will not be the same as the one isted in the security update, which is 10.0.6731. This problem will happen if the computer with Office XP also has, or used to have, Office 2003 installed. There are a couple of workarounds if you find yourself in this situation. See the details at http://support.microsoft.com/?kbid=873352.

Microsoft reminds us that the mechanism that allows organizations to prevent the automatic downloading of Windows XP Service Pack 2 will be turned off on April 12, 2005. After that date, Windows Update and Automatic Update will start delivering the service pack to unpatched systems.

There may be network problems if you end up in a situation like this: your Windows XP computer, with Service Pack 2 and a smart card, is connected to a network when it is put into standby; When the computer is restored, the network is disconnected or down; when the network connection is restored, the Windows XP computer can't access any network resources. Microsoft has a hotfix for this, which will be in a future Windows XP service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the fix described in Knowledge Base Article 890042. Note that you may get charged for this call.

A story in the Register reports that a Trojan Horse program specifically targets the Microsoft anti-spyware program. It tries to delete the program to surpress any warnings, and then it will try to insall a keystroke stealer to capture your online banking passwords. For now, it appears to target British banks, but there's probably no reason it can't jump the pond. Read the story at http://www.theregister.co.uk/2005/02/09/banking_trojan/.

There is a bug in the ASP.NET component of Microsoft .NET 1.0 and 1.1 that may allow a weakness in ASP.NET web sites. An attacker may be able to get unauthorized access to one of these sites. Depending on the capabilities of a particular website, they can then do additional damage. Fixes for this bug are available at http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx.

Microsoft SharePoint Team Services and Windows SharePoint Services are both vulnerable to a bug that may allow cross-site scripting and spoofing. This may be used to trick a user into running a malicious program, thinking it is actually from a trusted site. The malicious program can then be used to cause damage to the computer or to put spoofed content on intermediate proxy server caches. Go to http://www.microsoft.com/technet/security/bulletin/ms05-006.mspx for links to the patches.

Microsoft says that if you install their SQL Server 2000 64-bit, and then change the file location of one of these files, Master.mdf, Errorlog, or Mastlog.ldf, then any hotfix packages with a build number of 977 or later may not install correctly. As a workaround, move those files back to their original locations. See the details at http://support.microsoft.com/?kbid=892059.

Microsoft says that if you are using SQL Server 2000, and use trace flag 9134, you will significantly slow down the server's performance. Microsoft says that most people will be using that flag to prevent the 601 error message. They have a hotfix for this, which will be in a future SQL Server 2000 service pack. If you need the fix right away, contact Microsoft Tech Support and ask for the hotfix described in Knowledge Base article 891201. Note that you may be charged for this call.

Microsoft says that if you are doing a large deallocation in Microsoft SQL Server 2000 with Service Pack 3, you may find that SQL Server will stop responding to any other requests. Microsoft has a hotfix for this, which also requires a previous hotfix. Go to http://support.microsoft.com/?kbid=891017 to see all that's needed to fix this.

Microsoft says that if you go to the Windows XP Control Panel applet to Add/Remove Windows Components, and you add Accessories, this might cause the Accessories menu on the Start menu to disappear. Microsoft says you will have to go back to the applet, remove Accessories and then add them back. See http://support.microsoft.com/?kbid=891893 for instructions.

Windows Server 2003 Service Pack 1 comes with a new wizard. It is the Security Configuration Wizard, which is included in Service Pack 1. However, it is not installed by default. To see how to install it, and an overview of it, see http://www.computerworld.com/securitytopics/security/story/0,10801,99418,00.html.

The 1/29 BugBlog Plus reported on a claim by a Russian security company that there was a flaw in Windows XP SP2's Data Execution Protection tool, one of the new security features. Microsoft downplayed that threat in an email to Cnet News, which ran the original story. You can read their rebuttal at http://news.zdnet.com//2100-1009_22-5559369.htm.

Microsoft says there is an error in the Systems Management Server 2003 Toolkit 2 documentation. The section in the documentation about the Site Boundary command-line tool, SiteBoun.exe, and its command-line switches is wrong. If you use this tool, see http://support.microsoft.com/?kbid=891999 for the correct information.

Microsoft says that there may be some compatibility problems when you access a USB 2.0 DVD drive or a CD-RW drive using a programsuch as Intervideo Win DVD or Roxio Easy CD Creator. Problems receiving a USB STALL packet may cause this error message
Unsafe Removal
or choppy or uneven playback. This has been fixed in Windows XP Service Pack 2. The problem also exists in Windows Server 2003. Microsoft has a hotfix for this version of Windows, which will be in a future service pack. If you need the fix right away, contact Microsoft and ask for the hotfix described in Knowledge Base article 820759. Note that you may get charged for this call.

Microsoft says that a bug in the Graphics Device Interface (GDI) may cause Windows Server 2003 or Windows XP to crash when you copy an image to the clipboard. You may also see this error message, although the numbers in parentheses may be different:
STOP: 0x00000050 (bc7cf000, 00000000, bf964404, 00000001)
Microsoft has a hotfix for this, which will be in future service packs for the two products. If you can't wait for these, contact Microsoft Technical Support and ask for the hotfix described in Knoweldge Base article 872797. Note that you may be charged for this call.

Microsoft says that when you try to cancel a document being printed on a Windows XP system, you may get this Stop Error message instead
STOP: 0000008E
They have a hotfix for this, which will be in a future Windows XP service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 887589. Note that you may be charged for this call.

According to a story in PC World, Windows XP Service Pack 2 slows down Nero AG's InCD4 DVD-burning software. This software is included with many DVD-RW drives, including Sony, Plextor, and Lite-On. Nero says this is because of a cache bug in SP2. Read the details, and get a link to a fix, at http://www.pcworld.com/howto/article/0,aid,119265,00.asp.

There is an unchecked buffer in the Hyperlink Object Library in Windows 2000, Windows XP Service Packs 1 and 2, Windows XP, Window Server 2003, and Windows 98/Me, that may allow a remote attacker to take over a computer system. To do so, they would have to construct a malicious link in a webpage or email, and persuade the victim to click it. (See the Paris Hilton video!) Updates for all but Windows 98/ME are available from http://www.microsoft.com/technet/security/bulletin/ms05-015.mspx. Microsoft credits Anna Hollingzworth for finding this bug.

Microsoft says there is a minor font problem on Windows XP or Windows 200 Service Pack 4 computers, or Windows XP Service Pack 2 computers where Microsoft Security Bulletin MS04-011 Security Update has been installed. The problem is in the Arial Black font or the Impact font. The bullet character may not appear to be centered correctly when you use it in Microsoft Word, WordPad or Notepad. Microsoft says this problem doesn't happen in any of the other fonts, so you may just want to switch.

The License Logging Service in Microsoft Windows NT Server 4.0, Window 2000 Server Service Pack 3 and 4, and Windows Server 2003, are all susceptible to a bug that may allow a remote attacker to take complete control of the server. Microsoft has labelled it a Critical Update, and you can get updates for this at http://www.microsoft.com/technet/security/bulletin/ms05-010.mspx. Microsoft credits Kostya Kortchinsky from CERT RENATER for reporting this.

Microsoft says that a bug in the Server Message Block (SMB) may allow a a remote attacker to take control of a system. This could happen to on Windows 2000, Windows XP (both SP 1 and SP 2), and Windows Server 2003 computers, and is considered a Critical Update by Microsoft. Firewall and security practices can be used to mitigate against this threat. Links to the update, as well as a discussion of the workarounds, are at
http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx. Microsoft credits eEYE for reporting this bug.

Microsoft says that two components, OLE and COM, that are used in Windows, Exchange, and Office, could allow attacks. The COM bug could only be used by a local user who had valid log-in credentials. They would be able to gain extra privileges and take control of the computer system. The OLE bug can be triggered remotely, by constructing a malicious web page and luring a user there. Microsoft deems this a critical update for Windows 2000, Windows XP Service Pack 1 and 2, Windows Server 2003, Microsoft Exchange 2000 and 2003, Office XP and Office 2003. Get links to the patches at http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx. Microsoft credits Cesar Cerrudo of Application Security Inc. for reporting the COM bug.

Microsoft says there is a bug, referred to as the Named Pipe Vulnerability, in both Windows XP Service Pack 1 and Service Pack 2 and Windows XP 64-bit edition, that may allow an attacker to snoop. This remote attacker may be able to remotely read the user names for users who have an open connection to an available shared resource. Fixes for this can be downloaded from http://www.microsoft.com/technet/security/bulletin/ms05-007.mspx. Microsoft credits Jean-Baptiste Marchand of Herve Schauer Consultants for alerting them to this problem.

Microsoft says there is a drag-and-drop bug in Windows 2000, Windows XP Service Pack 1 and 2, Windows XP 64-Bit, and Windows Server 2003. An attacker may be able to design either a web page or an email message that will that will let them store a file on your computer, which could then do other damage. Older versions of Windows (NT,98, ME) are apparently also affected, but aren't fixed. For the newer versions, go to http://www.microsoft.com/technet/security/bulletin/ms05-008.mspx for your patch. That page also has workaround information.

Microsoft says that if you are using a smart card for authentication when you log on to a wireless network with a Windows XP computer, you will have problems. While user authentication should be successful, computer authentication won't be. That's because the computer certificate from the smart card isn't accessible during the computer startup process. Microsoft has a hotfix for this, which will be in a future service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 890937. Note that you may be charged for this call.

Microsoft says that a number of its programs do not handle corrupted or malicious PNG graphics files correctly, which may allow an attacker to run hostile code and take complete control of your compter. The programs are: Windows Media Player 9; Windows Messenger 5.0, 6.1, and 6.2. Microsoft considers this a Critical Update. Updates are available at http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx. Microsoft credits Carlos Sarraute of Core Security Technologies for finding this problem.

Microsoft says that if you try to add a wireless network to a Windows XP computer, and that computer already has had a network applied via Group Policy, you may get an error message saying there are network problems
At least one of your changes was not applied successfully to the wireless configuration.
Microsoft says that the error message is in error; all the networking changes were actually applied. They do have a hotfix for this, which will be in a future Windows XP service pack. If you can't wait for that, then you will need to contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 892087. Note that you may get charged for this call.

Microsoft says you may get a Blue Screen of Death if you remove a CardBus Compact Flash adapter from your computer, after you have transferred a file or edited a file on the device. The error message will look something like
STOP: 0x0000007E (0xAAAAAAAA, 0xBBBBBBBB, 0xCCCCCCCC, 0xDDDDDDDD)
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
although the hex numbers in parenthesis may be different. Microsoft says this has been fixed in Windows XP Service Pack 2. However, there are no fixes for it for Windows 2000 or Windows Server 2003.

On a Windows XP Service Pack 1 or Service Pack 2 computer, if you try to log on to a Novell NetWare server by using Client Services for NetWare, the logon "May take an unexpectedly long time." Microsoft has a hotfix for this. If you need it, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 887176. Note that you may get charged for this call.

The PC World test center says they have found a problem when running Windows XP Service Pack 2 on an Acer Travelmate 3200 notebook computer. While battery life was up to four hours with XP SP1, it is about an hour less with XP SP2. PC World says that neither Acer nor Microsoft have information about this. You can read their account at http://www.pcworld.com/howto/article/0,aid,119265,00.asp.

Microsoft has an update of their Windows AntiSpyware tool. The 1.0.509 version is supposed to guard against more threats and it is also supposed to be more stable. Read more at http://www.securitypipeline.com/news/60401777.

There will be no Mardi Gras celebrations for system administrators. Microsoft is releasing nine security bulletins on 2/8 concerning Windows (the worst is a Critical level), plus bulletins for SharePoint Services and Office, .NET framework, MS Office and Visual Studio, and Windows Media Player and Messenger. Those last two are also critical.

Microsoft is doing a voluntary recall of the power cords on Xbox game consoles. There appears to be a minor fire hazard -- Microsoft gives the odds as one in 10,000. Of course, it's a bummer if you are the one. For all regions except the European continent, replacement is for Xbox consoles made before 10/23/2003. For Europe, it is before 1/13/2004. Go to http://www.xbox.com, log on to your region, and then look for the big Important Safety Notice link. You will need your serial number and date of manufacture.

Mozilla

Mozilla says that Firefox 1.0.1 may not co-exist happily with some old versions of the Adobe Acrobat Reader plug-in. This may cause Firefox to hang when reading or closing a PDF.(This bug has bitten me.) Fix this by getting the latest version of the plug-in from http://www.adobe.com/products/acrobat/readstep2.html.

Mozilla has fixed a security bug in both Firefox and the Mozilla Suite. The problem is that a predictable name is used for the plugin temporary directory. This could be exploited by a local user to booby trap some other Firefox user -- when they shut down Firefox it could be programmed to erase the victim's directory. This has been fixed in Firefox 1.0.1 and the Mozilla Suite 1.7.6.

If you are trying to type an address into the address bar in Mozilla Firefox 1.0.1, and Firefox crashes, it may be due to a conflict with the autocomplete.xpt file. This will typically be found in \Program Files\Mozilla Firefox\components. The conflict is often caused by installing a version of Firefox in the same folder as an older version. Fix this particular bug by deleting that file.

On 2/9, the BugBlog reported an IDN Spoofing bug, where many browsers could be made to show one URL in the address bar, while you are actually at another site. Mozilla has a workaround -- in their upcoming Firefox 1.0.1 and Mozilla 1.8 beta support for IDN will be turned off by default. You will be able to turn it back on again, but will be warned about the spoofing. They also say that the ultimate problem here lies with the domain name registrars, who allow similar-sounding names (this is being called homograph spoofing). See the 2/14 entry at http://www.mozillazine.org/ for much more background.

On 2/17, the BugBlog reported a workaround for the IDN homograph spoofing bug in Mozilla and FireFox. The solution announced that day was to turn off support for IDN, until a long-term solution could be found. Apparently, there was considerable negative feedback, because Mozilla.org now says that instead of turning off IDN, they will now display international domain names using "punycode." You can read more about this at http://www.mozillazine.org/talkback.html?article=6096.

Mozilla Firefox 1.01 has been released. It fixes a number of security bugs, most noticeably the bug for Internationalized Domain Name (IDN) homograph spoofing. Any IDNs will now be displayed as "puny code" which should guard against a spoofing attack where a website could impersonate a trusted web site as a way to steal data. Get the free update at http://www.mozilla.org/products/firefox/

Novell

Novell has updated IDM 2.0.1 for all Windows, Netware, and Unix platforms. This update fixes a problem where a password was changed and expired in one eDirectory, and was synced without being expired into another tree. Get the patch at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970778.htm.

Novell has updated eDirectory 8.7.3.4 for both NetWare and Win32 networks. It is a cumulative update with all fixes since eDirectory 8.7.3. It includes a new version of DS.NLM that fixes -785 errors, and also plugs up a memory leak in the FLAIM thread manager. It also fixes a bug that might cause FLAIM queries to fail; and other bugs. The update is in edir8734.exe at
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970412.htm.

Novell has an update for NWSLP.SYS in their Novell Client 4.9 with Support Pack 2. This post-SP2 update fixes a bug that sometimes causes a Blue Screen of Death when a workstation is making a connection to a VPN (virtual private network.) Get the fix at
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970516.htm.

Novell has an updated SRVLOC.SYS file for their Novell Client 4.9 with Support Pack 2 already installed. This update fixes a bug that sometimes causes a blue screen of death in SRVLOC.SYS. Get the update at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970517.htm.

NVIDIA

There is an update nForce4 Standalone Kit available from NVIDIA. The 6.39 update has some general compatibility fixes, as well as increased support for the NVIDIA Disk Alert System. Don't install the update on Windows XP if you haven't at least upgraded to XP Service Pack 1. If you haven't, the NVIDIA update may wipe out your USB 2.0 support.

Opera

Nothing this month

Oracle

Nothing this month

RealNetworks

According to the security researchers at Secunia, a bug in Real Networks RealPlayer 10.x can be combined with already-known bugs in Microsoft Internet Explorer, to deliver malicious content to your computer via a RealMedia .rm file. There have been exploits published that show how to do this. The only prevention for now is to avoid dubious .rm files. Read the Secunia warning at http://secunia.com/advisories/14087/.

Red Hat

Red Hat has an updated PHP package for Red Hat Enterprise Linux 4. A number of bugs in the PHP scripting language could be used by remote attackers to either access the memory of the target computer, or run their own code. You can get the updated package at https://rhn.redhat.com/errata/RHSA-2005-032.html.

Red Hat has a kernel update for Red Hat Enterprise Linux 4. This fixes a number of security bugs, including: a bug in IGMP that local users can exploit; a bug in page fault handler code that can also be exploited by local users; a bug in the Direct Rendering Manager (DRM) driver in Linux kernel 2.6 that remote users can use for a denial of service attack; and more. Get the update at https://rhn.redhat.com/errata/RHSA-2005-092.html.

Red Hat says they have an updated package for the Hardware Certification Suite for Red Hat Enterprise Linux 4. There are a number of unspecified bugs in the old version which may cause problems when trying to do hardware certification. You can get the update at
https://rhn.redhat.com/errata/RHBA-2005-051.html.

Red Hat has updated kdelib and kdebase packages for the K Desktop Environment. These packages for Red Hat Enterprise Linux 2.1, 3.0 and the Red Hat Desktop, fix bugs in the Konqueror browser that were reported in the 2/9 BugBlog, as cross-browser spoofing attacks. You can get the update at https://rhn.redhat.com/errata/RHSA-2005-009.html.

Red Hat has an updated perl-DBI package that fixes a bug in the temporary file in DBI::ProxyServer. This could affect Red Hat Enterprise Linux 2.1, 3, and the Red Hat Desktop 3. The problem is that the temporary file is created in an insecure way, and may be used as a method of attack. Get the update at https://rhn.redhat.com/errata/RHSA-2005-069.html.

Red Hat has an updated ethereal package that fixes a number of bugs in the network monitoring program. An attacker may be able to take advantage of these bugs to send specially-crafted packets that could crash the network. There are updates for Red Hat Enterprise Linux 2.1 and 3, and the Red Hat Desktop 3. Get the update at https://rhn.redhat.com/errata/RHSA-2005-011.html.

Sun Microsystems

Sun Microsystems says there is a bug in the kcms_configure command, part of the Kodak Color Management System, in Solaris 7,8, and 9 that may allow any local user to modify any file on the system. Given the imagination of your local users, this could cause a certain amount of trouble. Sun has fix information at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57706-1. They credit iDEFENSE with finding this bug.

Sun Microsystems says that Solaris 2.6, 7, and 8 may have some Socket-based network server applications lock up. It may be due to heavy load on a network. It could also be triggered by a denial of service attack. Application that they point out as being at risk are thosed based on inetd, which include telnet, ftp, and rlogin/rsh. You can get patches for your version of Solaris at http://sunsolve.sun.com/search/document.do?assetkey=1-26-23484-1.

Sun Microsystems says that a bug in Solaris 7 or 8 may allow both local or remote users to possibly trigger a denial of service attack via the FTP server. Apparently, the server is listening on more ports than are needed. This has been patched in Solaris 7 with patch 110646-06 or later, and Solaris 8 with patch 111606-05 or later on SPARC; and Solaris 7 with patch 110647-06 or later and Solaris 8 with patch 111607-05 or later on x86.

Sun Microsystems says that the version of Samba that is distributed with Solaris 9 in both the SPARC and x86 versions, has a security bug in the Samba smbd(1m) daemon. You are vulnerable if using Samba 2.X through 3.0.9, and the Solaris system is configured to be a Samba server. Both remote and local authenticated users may be able to exploit this bug to run commands at the Super User level. Sun says to go to Samba.org and download and compile samba 3.0.10 or higher for a fix.

Sun Microsystems says that there are a number of bugs in imlib, which is a multi-image format library. These can cause security holes in Sun Java Desktop System (JDS) 2003 if it hasn't been patched with the updated RPM patch-9338, or Sun Java Desktop System (JDS) Release 2 without the updated RPMs patch-9338. The bugs may allow a local unprivileged user to execute their own code snuck in via a bitmap (.bmp). Get the patch information at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57645-1

 

Symantec

There is a heap overflow bug in the parsing engine used by Symantec for many of their enterprise and consumer products, including: Norton AntiVirus 2004; Norton Internet Security 2004; the Mac version of these products; Symantec Mail Security for Microsoft Exchange 4.0; Symantec Mail Security for Domino 4.0; Symantec AntiVirus for Network Attached Storage; Symantec AntiVirus Corporate Edition 9.0; and more. Symantec is in the midst of replacing the component that causes this bug, which was originally discovered by ISS X-Force. See the full list of vulnerable products, and update details, at http://www.sarc.com/avcenter/security/Content/2005.02.08.html. Read the original ISS alert at http://xforce.iss.net/xforce/alerts/id/187.

 

Trend Micro

There is a bug that stretches across the security products line from Trend Micro, according to the security researchers at ISS-X Force. The problem is in the ARJ archive file format parser, where a heap overflow may allow an attacker to run their own code on a computer that is guarded by Trend Micro products. Fix this by going to Trend Micro at http://www.trendmicro.com/vinfo/default.asp?sect=SA and update to the VSAPI 7.510 or higher scan engine. You can read the original X Force advisory at http://xforce.iss.net/xforce/alerts/id/189.

Winamp

Nothing this month

Yahoo

The security researchers at Secunia say that Yahoo! Messenger 6.0.0.1750 has a bug if the "Hide extension for known file types" has been implemented in Windows, which is the default Windows setting. This may allow attackers to trick you into executing a file that may have malicious content. Go to http://messenger.yahoo.com/ and update to version 6.0.0.1921 or later.

Zone Alarm

Zone Labs says there is a bug in ZoneAlarm Security Suite, ZoneAlarm Pro, ZoneAlarm, and Check Point Integrity that may allow local attackers to crash a system via IPC messages. According to them, this can't be triggered remotely, and it can't do anything other than a denial of service attack. This has been fixed in these releases: Check Point Integrity Client versions 4.5.122.000 and 5.1.556.166; ZoneAlarm Security Suite, ZoneAlarm Pro, ZoneAlarm, ZoneAlarm with Antivirus version 5.5.062.011; and ZoneAlarm Wireless version 5.5.080.000. Zone Labs credits iDEFENSE for finding this bug.