BugBlog


Adobe

Adobe's activation scheme for software may get confused if you are installing onto a RAID system. (A RAID system is a Redundant Array of Independent (Inexpensive) Disks, where multiple copies of files are installed simultaneously for backup.) A story in eWeek details how this happened with Acrobat 7. It appears that if you complain to Adobe, you can get a version without the activation scheme, bypassing a rather dumb reaction from Adobe Technical Support. Read about this at http://www.eweek.com/article2/0,1759,1780393,00.asp.

Adobe says that if you try to install Adobe Acrobat 6.0 Professional as an upgrade to Acrobat 6.0 Standard Edition, you may see this error message
Setup has determined you already have a more functional product installed. Setup will now terminate.
Screaming at the installation program that Professional costs more so it must be more functional will not work. Instead, you should first remove Acrobat Standard and then install Acrobat Professional. If you need help with this, see http://www.adobe.com/support/techdocs/330205.html.

If you are reading a PDF file that contains barcodes in Adobe Acrobat 7.0 or Adobe Reader 7.0, the barcodes may get cropped or may be missing a bar. This happens if the barcodes are created in Adobe LiveCycle Designer 7.0, and it may cause barcode scanners to misread the codes. This is fixed in the Acrobat or Acrobat Reader 7.0.1 update.

Adobe says that if a hyperlink in a Microsoft Office document leads to a PDF file that is on the local machine or a shared hard drive, clicking on it won't open Adobe Acrobat 7.0 or Adobe Reader 7.0. Acrobat is expecting the file to be on a web server, and otherwise won't work. This has been fixed in the Acrobat 7.0.1 update.

Adobe says that if you want to use the Adobe PDFViewer for Mac OS X, you will need to be running Mac OS X 10.3 or later, and Safari. They recommend that it be at least OS X 10.3.4 and Safari 1.2.3 (which actually comes with Mac OS X 10.3.5). Confused? See http://www.adobe.com/support/techdocs/331040.html for their explanation.

Adobe says that if you are using Windows Terminal Server or Citrix Metaframe remote desktop to print a PDF document using Acrobat 5.x or 6.x, you may see this error message
There was an error found when printing the document "filename.doc" to My Documents\*.pdf. Do you want to retry or cancel the job? Retry/Cancel.
Adobe has three suggestions. The first costs money -- upgrade to Acrobat 7.0. The second is to log into the server console as an Administrator. The third would be to try to save the PDF to a different location such as a shared network folder. See http://www.adobe.com/support/techdocs/329026.html for more.

If you create a document in Adobe InDesign 2.x, and then open it in Adobe InDesign CS, you may see this error message
Missing Fonts. The document [file name] uses one or more fonts which are currently not available on your system. The text will use a substitute font until the original font becomes available.
Adobe has two possible workarounds. Try exporting the document to InDesign Interchange (*.inx) format, and then check the font information. If that doesn't work, see if a font was applied to a space character or a text box, and then replace the font. Go to http://www.adobe.com/support/techdocs/330692.html for details.

If you are using Adobe InDesign CS 3 on a Mac OS X 10.3 computer, and you try to save a file with a Save As command to a shared Windows folder where the document has been saved already, none of the new information will be saved. Adobe says to upgrade to InDesign CS 3.0.1 to fix this bug.

Adobe says that in Adobe InDesign CS for the Mac OS X, if a document has links to files that are on a non-Apple file server, like on a Samba or NFS volume, the links will show up as missing in the Links palette. This has been fixed in the InDesign CS 3.0.1 update.

Adobe says that if you try to open a QuarkXpress 3.3x or 4.x document in Adobe InDesign, their app may choke and give an error message of
"There was an error reading the file. File cannot be converted. Check to see if the file is open in another application."
Adobe has a lengthy series of troubleshooting steps that may resolve this. See them at http://www.adobe.com/support/techdocs/323158.html.

When you are exporting a PDF file out of Adobe PageMaker, you may run into one of these errors
"Typecheck: OffendingCommand: [font name] "
"Typecheck: OffendingCommand: SetColor"
"Typecheck: OffendingCommand: Get"
"Typecheck: OffendingCommand: Stack"
This is probably due to a damaged object in the file, according to Adobe. See the five troubleshooting steps they have listed at http://www.adobe.com/support/techdocs/330574.html for more help.

Adobe says that in PageMaker, if you export to a PDF file, and your document contains a Euro character, a bullet may get substituted. Adobe has about five workarounds for this, the first of which is to upgrade to PageMaker 7.0.1. To see their other suggestions, go to http://www.adobe.com/support/techdocs/328526.html.

When using Adobe Photoshop CS to crop an image, if you have inserted the dimensions and resolution in the crop options, you may get an error message saying your scratch disk is full and you can't crop the image. Adobe says you will be able to crop the image if you leave the options blank, or if you set the default measurement units. See http://www.adobe.com/support/techdocs/330796.html for the details.

Adobe says that if you are trying to print from Photoshop or Photoshop Elements to a non-PostScript large format printer, you may only get partial images printed. You may also see this error message
Could not complete your request because of a program error.
This could happen on an Epson Stylus Pro 7600 or an HP DesignJet 5500 printer, or when you have picked a paper size of 90 inches or more in the Printer Properties. Some possible workarounds include using a PostScript driver, turning on banner printing, or printing at a smaller size. See http://www.adobe.com/support/techdocs/325485.html for details.

If you are using Adobe Photoshop CS on a Mac OS X computer, and you try to open a PSD file, you may get the error message
Could not complete your request because the file is not compatible with this version of Photoshop.
If you know that compatibility shouldn't be an issue, then check to see if you are running Symantec Norton AntiVirus 9.0 with older virus definitions (November 2004 or thereabouts). See http://www.adobe.com/support/techdocs/331092.html for fix information.

Adobe says that when you start Photoshop CS on a Mac OS X computer, you may see an error message something like this
Could not fully start the application because of invalid personalization information.
Assuming it's not your own personality that Photoshop is complaining about, Adobe has a number of troubleshooting steps you can follow, including removing and reinstalling Photoshop. See the details at http://www.adobe.com/support/techdocs/326496.html.

Apache

There is a bug in Apache Tomcat that may allow a remote attacker to trigger a denial of service attack. According to US-CERT, this can happen via the AJP12 protocol on TCP 8007. This has been patched in Tomcat 5.x.

Apple

Apple has fixed a number of security bugs in the AFP Server that comes in Mac OS X v10.3.8 and Mac OS X Server v10.3.8. One fixes a possible denial of service attack via a malicious packet. Another is a problem with file permissions that may allow access to drop boxes. Apple credits John M. Glenn for finding this bug.

When you render and import a QuickTime movie at 29.97 fps from Adobe After Effects into Apple Shake 3.0, frame 11 is going to end up as a repeat of frame 10. From then on, the sequence in Shake will be off by one frame. Apple says this does not happen in Shake 3.5, so one fix is to upgrade.

If you want to use Apple Final Cut Express HD, you will need a computer with an AGP graphics card that is compatible with Quartz Extreme. Apple says that these cards will work: NVIDIA GeForce2 MX; GeForce3; GeForce4 MX; GeForce4 Ti; and any ATI Radeon that is AGP-based. These cards also need at least 16 MB of video ram.

Apple says that when you connect a DV camera and try to use it with iMovie, you may get a message that iMovie can't see the camera, or that it can't control the camera. If you are using Mac OS X 10.3 or later with Fast User Switching, make sure that another user isn't also trying to access the camera. Otherwise, see http://docs.info.apple.com/article.html?artnum=43000 for more troubleshooting tips.

If you have one of the Apple iPods with a color display, there is an iPod Updater for you. The iPod Updater 2005-03-23 has the new software this model needs. Get it at http://www.apple.com/support/downloads/ipodupdater20050323.html. All the non-color display iPods should stick with iPod Updater 2005-02-22.

Apple says that if your Click Wheel iPod or iPod mini goes into a deep sleep (after 36 hours with no activity) the clicker settings get set back to default. Once you wake up your iPod, you will need to go to Settings, Clicker to set them again.

Apple says that if you want to use the Battery Pack with your iPod shuffle, you will need to get the iPod Updater 2005-02-22. That will deliver the iPod shuffle Software 1.1, which fixes a number of unspecified bugs as well as the battery support. The 24 MB download is at http://www.apple.com/support/downloads/ipodupdater20050222.html.

If you are going to recharge your iPod by plugging it into a port on your computer, Apple says it is best to plug it directly into a USB 2.0 or FireWire port on your computer. It won't charge if it gets plugged into a non-powered hub. In most cases, the USB ports that may be on keyboards are non-powered. They also suggest that if you are having problems plugging it into a USB port on the front of the computer, that you try plugging it into a USB port on the back of the computer.

Apple says that if you make a DVD slideshow in iMovie HD or iDVD 5, chapter markers may end up as white frames. Apple has a workaround, which involves exporting to QuickTime, to avoid the white frames. See the details at http://docs.info.apple.com/article.html?artnum=300957.

The Apple Security Update 2005-003 for Mac OS X Server 10.3.8 has an update for Mailman. This fixes a bug that could allow a directory traversal, which may let a remote attacker gain access to files. This bug originated with the Mailman package. You can get more details about it at http://www.gnu.org/software/mailman/security.html.

Apple Computer says that Mac OS X v10.3.8 and the Mac OS X Server v10.3.8 are both vulnerable to the bug in the TELNET client that may allow a nasty TELNET server to run code on a vulnerable client. Apple has fixed this in the Security Update 2005-003.

Apple's Security Update 2005-003 has a fix for Safari's exposure to the International Domain Names (IDN) bug that affects a number of browsers. Apple's fix appears complicated. You will be given a user-editable list of scripts, which does not include alphabets that could imitate normal Latin. This could make it less likely that you get fooled into going to a malicious web site. Read more about this fix at http://docs.info.apple.com/article.html?artnum=301116.
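
A simplified model of that kind of script list, as an added example that is not Apple's code or part of the original post. It assumes that a hostname label using any script outside the list is shown in its Punycode (`xn--`) form; the contents of `ALLOWED_SCRIPTS`, the function names and the sample hostnames are constructed for illustration.

```python
import unicodedata

# Assumed allowlist for this example (not Apple's actual list). Cyrillic and
# Greek are left off because their letters can imitate Latin ones.
ALLOWED_SCRIPTS = {"LATIN", "CJK", "HIRAGANA", "KATAKANA", "HANGUL",
                   "ARABIC", "HEBREW", "THAI"}


def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and '-' are neutral
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:  # code point without a name
        return "UNKNOWN"


def to_unicode(label):
    """Decode one 'xn--' label; anything undecodable is returned unchanged."""
    if not label.startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return label


def to_ascii(label):
    """Encode one label to its Punycode form if it is not plain ASCII."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def disallowed_scripts(label):
    """Return the scripts in a label that are not on the allowlist."""
    scripts = {script_of(ch) for ch in to_unicode(label)}
    return sorted(scripts - ALLOWED_SCRIPTS - {"COMMON"})


def display_host(host):
    """Return the form of a hostname that is safe to show in an address bar."""
    shown = []
    for label in host.lower().split("."):
        text = to_unicode(label)
        # A label with any script off the list stays in its ASCII form.
        shown.append(to_ascii(text) if disallowed_scripts(text) else text)
    return ".".join(shown)


if __name__ == "__main__":
    # Constructed samples: the second starts with CYRILLIC SMALL LETTER A.
    for sample in ("xn--mnchen-3ya.example", "\u0430pple.example",
                   "\u4e2d\u6587.example"):
        print(ascii(sample), "->", ascii(display_host(sample)),
              disallowed_scripts(sample.split(".")[0]))
```
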

Apple's Security Update 2005-003 for Mac OS X 10.3.8 and 10.3.8 Server fixes a problem of lenient permissions. A number of directories had been given World-writable permissions, including the installer's receipt cache and the system-level ColorSync profiles. This could have been exploited in a number of ways. Apple credits Eric Hall of DarkArt Consulting Services, Michael Haller at info@cilly.com, and (root at addcom.de) for finding this bug.
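
A check for this kind of lenient permission, as an added example that is not Apple's tooling or part of the original post: it walks a directory tree and reports world-writable entries, separating directories that lack the sticky bit from those that have it. The function names and the sample tree (stand-ins for a receipt cache and a profile directory) are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_world_writable(root):
    """Return sorted (relative_path, kind) pairs for world-writable entries.

    kind is "dir-open"   for a world-writable directory without the sticky bit
                         (any local user can replace or delete files in it),
            "dir-sticky" for a world-writable directory with the sticky bit
                         (the /tmp pattern: users can only remove their own files),
            "file"       for a world-writable regular file.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: never follow symlinks
            except OSError:
                continue                       # vanished or unreadable entry
            if stat.S_ISLNK(mode) or not mode & stat.S_IWOTH:
                continue
            if stat.S_ISDIR(mode):
                kind = "dir-sticky" if mode & stat.S_ISVTX else "dir-open"
            elif stat.S_ISREG(mode):
                kind = "file"
            else:
                continue                       # sockets, devices, FIFOs
            findings.append((os.path.relpath(path, root), kind))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed tree in a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    layout = [
        ("receipts", 0o777),      # world-writable, no sticky bit
        ("shared_tmp", 0o1777),   # world-writable, sticky bit set
        ("profiles", 0o755),      # not world-writable
    ]
    for name, mode in layout:
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)      # chmod explicitly so the umask does not interfere
    for rel, mode in [("receipts/pkg.bom", 0o644), ("profiles/default.icc", 0o666)]:
        path = os.path.join(root, *rel.split("/"))
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for rel, kind in audit_world_writable(build_sample_tree()):
        print(f"{kind:10} {rel}")
```
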

The Apple Security Update 2005-003 fixes a security hole with Bluetooth. There is a local security bypass that may give access to certain privileged functions. This has been blocked in the Bluetooth Setup Assistant. That should keep this bypass from being accessed by a bypasser.

Apple says that if you have upgraded to Mac OS X 10.3.8 and you also use the Macally iShock game controller, you may see your free disk space disappear. It is actually being filled up by the system.log file, which is busy recording all the iShock driver problems. Apple says to go to http://www.macally.com/techsupport/drivers.html and read the "Attention: iShock/iShockII users and Panther OS 10.3.8 update" notice for help in fixing this.

ATI

If you are using the ATI Catalyst 5.2 software suite with a supported localized language, the Problem Report Wizard started from the ATI icon may not be displayed in the correct language. This has been fixed in Catalyst 5.3.

ATI has released the Catalyst 5.3 software suite. The Catalyst Control Center within the suite needs Microsoft .NET framework installed on the computer. If it isn't there, you will get an error message when you try to start the Control Center. Also, this package includes the Remote Wonder 3.01 software, which is for Remote Wonder and Remote Wonder II. If you have the Remote Wonder Plus you shouldn't use this new version -- ATI says to stay with the original software for this product.

ATI says that if you try to play Sierra's Half-Life 2 on a Windows XP computer with an ATI graphics card running the ATI Catalyst 5.3 software, you may have problems at some video settings. A display of 1024 by 768 with 32-bit color, and with all other options set to their maximum values, may give you slow performance and bad textures. As yet, there is no fix other than choosing another setting.

Cisco

Nothing this month

Computer Associates

There is a vulnerability in the Computer Associates License Manager that may let a remote attacker run their own code on your computer. The bug is in the CA License package versions between 1.53 and 1.61.8. This is going to affect just about all Computer Associates products on all platforms. There are links to patches at http://supportconnectw.ca.com/public/reglic/downloads/licensepatch.asp#a. You can also see the full list of products there. The problems appear to have been independently discovered by Greg MacManus of iDEFENSE Labs, and Barnaby Jack of eEye Digital Security.

The 3/5 BugBlog Plus reported on a bug in the Computer Associates License Manager that affects just about all CA applications. If you haven't patched your programs yet, it's time you did. There is now exploit code circulating that shows how to exploit this problem. The patches are at http://supportconnectw.ca.com/public/reglic/downloads/licensepatch.asp.

Electronic Arts

Electronic Arts says that if you are playing the University Expansion pack for Sims 2, and the option for the Sim to go to class is not working, there could be three things wrong -- but only one of them is a bug. They say that some third-party patches or mods may cause this interference. As a fix, you will need to completely uninstall and reinstall the program. (The other two reasons -- it may not be time for class, or the Sim may be in a bad mood. They won't go to class if they are in a bad mood -- does a hangover count?)

If you are trying to install Electronic Arts Sims 2 University expansion pack, and get a transfer error with Sims2EP1.exe, the first thing you should do is stop all background tasks that may be running. These may be interfering with the installation, or hogging resources. If that doesn't work, see the rest of the troubleshooting steps at
http://eatech.custhelp.com/cgi-bin/eatech.cfg/php/enduser/std_adp.php?p_faqid=17375.

General

US-CERT has issued an advisory about a bug in many TELNET clients. TELNET is an early Internet technology that's been bypassed by the Web, but most operating systems still supply a client. There is a bug in the data length validation that may give a server a chance to run arbitrary code on a client. So far, the bug has been confirmed in Debian, MIT Kerberos, and Sun Microsystems. Its status is unknown in a long list of other applications and operating systems, which you can see at http://www.kb.cert.org/vuls/id/291924. The BugBlog Plus will have info on the individual fixes. US-CERT credits iDefense with finding this bug.

How many computers world-wide might have been infected and now controlled by hackers? One study in Germany says the number might be one million. Of course, that's an estimate extrapolated from a study they did using "honeypot" computers that have been deliberately left unguarded. After seeing how many botnets (computers controlled by hackers - others call them zombies) were attracted to these computers, they made their estimates. Read the details at http://www.securitypipeline.com/159901193.

US-CERT says the Gaim IM (instant messaging) client for Linux, Mac OS X and Windows has a bug. A remote attacker may be able to send a malicious HTML message that can crash Gaim for a denial of service attack. Users can upgrade to Gaim 1.1.4 at http://gaim.sourceforge.net/downloads.php.

US-CERT has issued an alert about a buffer overflow bug in nfs-utils. This is a Linux package for NFS clients and servers. According to CERT, a remote attacker could use this bug to launch a denial of service attack. So far, Red Hat has been shown to be vulnerable, Debian and Sun Microsystems as not vulnerable, and other Linux systems still unknown. Keep score on your own at http://www.kb.cert.org/vuls/id/698302.

PC World has done an extensive series of tests of anti-adware and -spyware tools in the April 2005 issue. They picked Sunbelt Software's CounterSpy and Webroot's Spy Sweeper as the best. Read the whole article starting at http://www.pcworld.com/reviews/article/0,aid,119572,00.asp.

The FDIC and other federal banking agencies have issued new regulations. Banks will now have to tell customers if their personal data has been exposed. According to a story on C Net, the "provisions call on financial institutions to prevent unauthorized access and use of customer information and to address any such incidents that do occur."

The United States Computer Emergency Readiness Team, part of the Department of Homeland Security, has a new cyber security tip. This one is on Recovering from Viruses, Worms and Trojan Horses. It's a decent summary of what you can do. Advanced computer users and IT administrators already know this stuff, but there's lots of people who don't. Read it at
http://www.us-cert.gov/cas/tips/ST05-006.html. (Unfortunately, it doesn't have those neat illustrations that the Department uses when they tell us how to survive non-cyber terrorist attacks.)

According to a bulletin at Secunia at http://secunia.com/advisories/14585/, a couple of bugs have been found in the Linux kernel. At least one of the bugs can be used for a denial of service attack. Another may allow any user with permission to access a SCSI tape drive to send commands that can bother others. These fixes should be coming through the individual distributions shortly, but for now you can see the changelog at http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1.

Virus writers, while they can do serious harm, mostly do it for fame and recognition among their peers. Phishing, which is obtaining sensitive information from users via fake web sites, is turning into a major international criminal business. (There was another PayPal phishing scheme in my inbox this morning.) You can read much more about it in this eWeek story at http://www.eweek.com/article2/0,1759,1772523,00.asp.

Hewlett Packard

Nothing this month

IBM

According to IBM, there seem to be some sporadic problems with the Print Dialog box in Lotus 1-2-3 9.8, when running on Windows XP. All the drop-down lists and check boxes will show up on the Print Dialog, but none of the text will be there. In one particular case, uninstalling McAfee AntiVirus 8.0 fixed this problem; but that didn't seem to be the problem in other cases.

IBM says that in Lotus Notes 5.0.10, 5.0.11, and 5.0.12 the Calendar option that keeps documents from being archived may get ignored, and things will get archived anyway. This will also happen with Lotus Notes 6.x clients that connect to a database on a Domino 5.x server. This has been fixed in Lotus Notes 6.0.3 and 6.5.1.

IBM says that if you try to use Lotus Approach remotely via Windows Terminal Services 2003, you may have problems on the View tabs. The font may be so small that you won't be able to read them. At this point, the only workaround from IBM is to not use Terminal Services to run Approach. Use it locally.

 

Intel

Nothing this month

 

Macromedia

When installing Macromedia's Dreamweaver MX 2004 7.0.1 updater, you are supposed to disable all the Dreamweaver extensions first. If you don't, they will be missing after the upgrade. They also say that you should disable virus protection before the upgrade. (If that's their recommendation, then I think they should write a better installation program.)

According to Macromedia, one of the more troublesome parts of using Dreamweaver may be in working with its FTP capabilities. So troublesome, in fact, that they have a 32-step troubleshooting guide for the Dreamweaver FTP connection. If you think you need it, go to http://www.macromedia.com/go/tn_14834.

Macromedia says that the Macintosh version of Dreamweaver MX 2004 sometimes chokes on large HTML tables. The problem is that they won't display correctly in Dreamweaver's Design view -- the last rows of tables may not get shown. However, if you switch to code view the rows are there, and if you display the page in a browser it will display correctly. For now the only workaround is to find some alternative to Design View (such as previewing in a browser) for checking your work.

Mandrake

Mandrakesoft has an updated MySQL server package for Mandrake Linux 10.x and Corporate Server 2.1 and 3.0. This update fixes some bugs that would allow authenticated users to do more than they should be doing. It also fixes a bug in the way that temporary files were created. Stefano Di Paola gets the credit for finding these bugs. See the details at http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:060.

Mandrakesoft has a new KDE package for Mandrake Linux 10.1. This update fixes a number of KDE bugs, including: kate kde bugs; kcontrol style bugs; a bug in the nsplugins; and a bug in konqueror. See the details at http://www.mandrakesoft.com/security/advisories?name=MDKA-2005:015.

McAfee

Internet Security Systems says that versions of the McAfee AntiVirus Library earlier than version 4400 have a stack overflow bug. An attacker may be able to trigger this via an LHA file. Read more in the ISS Advisory at http://xforce.iss.net/xforce/alerts/id/190.

Microsoft

If you are using Microsoft Access on a Windows 2000 computer to access network resources (when the database is on a server, for instance) you may get poor performance. The database file may be slow in opening, or queries might take longer to run. The problem is that Windows 2000 doesn't cache file-path information from long file names. Microsoft has a Registry fix for this. See the details, and important information about safeguards while editing the Registry, at http://support.microsoft.com/?kbid=843418.

Microsoft says that once an Access database gets to be about 2 gigabytes in size, you are going to start having problems. Running append or make table queries, or importing data, may trigger the error message
Invalid argument
Microsoft has one workaround -- shrink the size of that file. See http://support.microsoft.com/?kbid=835416 for suggestions on how to do that.

When using Microsoft Internet Explorer 6 Service Pack 1 you may get some intermittent errors when you try to close a window in an HTML application. This may log an Event ID 1000 in the Application Log with this description
Faulting application iexplore.exe, version 6.0.2800.1106, faulting module mshtml.dll, version 6.0.2800.1438, fault address 0x0007e4ce
Microsoft says this can be fixed by installing the fix that comes with security bulletin MS05-014, which is at http://www.microsoft.com/technet/security/Bulletin/MS05-014.mspx.

If you install Microsoft Internet Security and Acceleration (ISA) Server 2004 Standard Edition on a multiprocessor computer, the ISACTRL and WSPSRV services may not start up. This has been fixed in ISA Server 2004 Service Pack 1. You can download the service pack at http://support.microsoft.com/?kbid=891024.

Microsoft says that if you have an FTP server sitting behind Internet Security and Acceleration Server 2004 Standard Edition, the server won't be reachable by active mode FTP client programs. This has been fixed in ISA Server 2004 Service Pack 1. You can download the service pack at http://support.microsoft.com/?kbid=891024.

Microsoft has released a new version of the Application Compatibility Toolkit (ACT). Microsoft says that ACT 4.0 is supposed to identify compatibility issues that may occur with Windows XP Service Pack 2. They do this by checking DCOM interfaces, firewall settings, and IE problems. You can download it, and also find out a lot more about it, at http://www.microsoft.com/windows/appcompatibility/default.mspx.

Microsoft Internet Explorer 6 will have problems printing or print previewing a webpage that has all of the following: a table nested in a table; the nested tables span a page; CSS (Cascading Style Sheets) are used for formatting; the CSS padding for each row is set to something greater than zero pixels. If all that happens, no printing nor previewing. The individual user of IE 6 can't do anything to fix this, other than to badger the webmaster of the offending page to reverse one of these conditions.

Microsoft says that if you try to download a MIME-type file with a Content-Disposition content header in Internet Explorer 6, you may not be allowed to open the Internet Options dialog box. Instead, you may see this error message
This operation has been canceled due to restrictions in effect on this computer
As a workaround, Microsoft says you can just move to another webpage (one that doesn't involve that download) and you should be able to open the Internet Options box.

Sometimes when you open Microsoft Internet Explorer 6, the address bar may be missing. Often, the fix is simple: someone or something went to View, Toolbars, and unselected the Address Bar. Just go there and select it. However, sometimes that doesn't work. Microsoft says that sometimes there is a problem with the Registry that needs to be fixed. In particular, you need to delete the WebBrowser registry key. For details on how to do that, plus important safeguards about editing the Registry, see http://support.microsoft.com/?kbid=842903.

When installing either Microsoft MapPoint or Microsoft Streets and Trips, you may see an error message similar to one of the following:
Install error 1324 The path My Pictures contains an invalid character.
Or
Error 1324 invalid drive Drive_Letter
or

Error 1334: "The file AGENTANM.DLL could not be installed because the file cannot be found in cabinet file OSP1.CAB. This could indicate a network error, an error reading from CD-ROM, or a problem with this package.
Microsoft says this is usually due to an old or outdated Registry entry that's pointing to a drive letter that's no longer there, or a My Pictures folder that's been moved. You'll need to edit the Registry to fix this. See the instructions and important safeguards at http://support.microsoft.com/?kbid=894510.

Microsoft has a new version of the Office Outlook 2003 Junk Email Filter. It is supposed to do a better job of separating out the ED ads and mortgage solicitations from the email you really want to read. (That's if you really want to read any of it.) Get it at http://support.microsoft.com/?kbid=892236.

Microsoft says that you can try to apply an Office Outlook 2003 Group Policy setting to force Outlook clients using Cached Exchange Mode to use Unicode offline folder (.ost file) exclusively. However, there will be times that this Group Policy won't be applied correctly. Microsoft has a hotfix for this, which will be in a future Outlook 2003 service pack. If you need this right away, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 892089. Note that you may get charged for this call.

Microsoft says that if a user creates a number of deeply nested subfolders in a mailbox folder in Outlook, and then tries to move or delete the parent folder, they may crash the Microsoft Exchange Information Store Service (Store.exe), which may create an Event ID 9673 on the Exchange Server 2003 computer. Microsoft says that all the sub-folders create a large number of recursion calls that will overwhelm the stack in Exchange 2003. They have a hotfix for this, which will be in a future Exchange Server service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 891504. Note that you may get charged for this call.

When using Microsoft Outlook 2002, if meetings are created in different time zones than the recipients are in, the meeting request times in the Auto Preview pane of the Outlook Inbox won't be the same as the meeting time in the Outlook calendar. This may also happen if the meeting was created using Collaborative Data Objects (CDO). Microsoft has a hotfix, which will be in a future service pack. If you can't wait for the fix, contact Microsoft Technical Support, and ask for the Outlook 2002 post-Service Pack 3 hotfix dated 2/2/2005. Note that you may get charged for this call.

When using the Script Editor in Microsoft Office Excel 2003, InfoPath 2003, PowerPoint 2003, or Word 2003, you may get an error message that looks like one of these:
Mse7.exe 11.0.5510.0 Msenv.dll 7.0.9064.9606 0018d883
Mse7.exe 10.0.2529.0 Msenv.dll 7.0.9064.9136 0018d4e4

Microsoft says this happens when the Toolbox.tbd file gets damaged or corrupted. Fix this by going to Windows Explorer and deleting this folder
C:\Documents and Settings\username\Application Data\Microsoft\Mse. If this happens to you, see http://support.microsoft.com/?kbid=840184. Microsoft is looking for feedback on what's going wrong.

The Microsoft Office Update site, at http://office.microsoft.com/officeupdate/default.aspx, may get confused when you use it to check your computer for needed updates. If you have updated to a newer version of Office, but have left some older versions of Office programs, you may be offered updates for the older ones. You may also get prompted to update Office components that you never installed. For more details on what may happen when good updates go bad, see http://support.microsoft.com/?kbid=830335

If you print a Microsoft PowerPoint slide to a black and white printer, any colored background on the slide will not be printed. That's not a bug, that's a feature. Due to the limitations of black and white printing, there's no real way to know if the background, which would be in some shade of gray, would obstruct the foreground. So the background stays white. However, Microsoft does give you some workarounds. See them at http://support.microsoft.com/?kbid=895506.

When using Microsoft PowerPoint 2004 for the Macintosh, if you take a large (more than 500 by 500 pixel) image, edit it and then try to export the image out of PowerPoint, you may crash PowerPoint, and see an error signature something like
Exception: EXC_BAD_ACCESS
Date/Time: 2004-03-07 13:15:14 -0800
Application Name: Microsoft PowerPoint
Application Version: 11.0.0.040304

Microsoft has a workaround for this. See it at http://support.microsoft.com/?kbid=841494.

Microsoft notes that if you have upgraded to Office XP or Office 2003 from earlier versions, you may have an unpleasant surprise when you try to search for clip art. Unlike earlier versions of Office, where the clip art was on a CD, or installed on your hard drive, in the newer versions the clip art is stored at Microsoft's Office Online Web site. If you can't get on the Internet, you can't get to the clip art. Also, if you go to the Clip Art task pane, and uncheck the Web Collections option, you won't see it either.

Microsoft says that their Office Update Web site won't like certain third-party software, and when you visit you will see this error message:
Warning: You are viewing this page with an unsupported Web browser. This Web site works best with Microsoft Internet Explorer 5.01 or later or Netscape Navigator 6.0 or later. Click here for more information on supported browsers. Sorry, the Office Update site does not support Office for Mac Help. Office for Mac updates can be found on the Mactopia site.
Expanding on the error message, these are some of the programs that cause problems: Tenebril Ghost Surf Pro, Norton Internet Security 2004, McAfee Personal Firewall, and Zone Alarm. Basically, Microsoft wants you to lower your shields (security) so they can come in and install the update. To read more about this, see http://support.microsoft.com/?kbid=832765.

Microsoft says there is a bug in the DirectX 9.1 Software Development Kit. The Video Mixer Renderer (VMR) may have problems with anamorphic content, which is often found in DVD titles. In some cases, the video stream may get scaled incorrectly. Microsoft has a fix available for download from http://support.microsoft.com/?kbid=891220.

Microsoft says that if an Outlook client does a query of the Active Directory directory service, they have limited the number of entries returned to 5,000. If the limit is exceeded, there is no warning that you are only seeing some of the entries. The limit is there to improve the search time. There is a way to edit the Registry to exceed this limit. To see how, and to read important safeguards about editing the Registry, see http://support.microsoft.com/?kbid=893354.

Microsoft says that if you use connection-oriented callbacks when you install the telephony client on a Windows XP Service Pack 2 computer, that client won't be able to connect to a server. Connection-oriented callbacks come when you use the /x switch when installing the client. To fix this, you are going to have to configure the Windows Firewall to let the communications occur. See the details at http://support.microsoft.com/?kbid=892895.

You will not be able to save any Personalization settings for yourself at the Windows Update website if you do not have the Userdata persistence security setting turned on within Internet Explorer. See how to do that at http://support.microsoft.com/?kbid=836914.

If you have multiple hardware profiles configured on a Microsoft Windows 2000 computer, and you start or reboot the computer just before midnight, the computer may hang at the Hardware Profile/Configuration Menu at 24:59. This will only happen if the option "Select the first profile listed if I don't select a profile" has been turned on. This means you have two workarounds -- turn off that option, or wait a minute till after midnight before booting. If you want a fix, Microsoft has one that will be included in the next service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 890579. Note that you may be charged for this call.

Microsoft says that a problem with your DCOM settings in your Windows XP or Windows 2000 computer may interfere with the Microsoft Windows Update website. You may be able to scan for updates, and see a list. But when you click on Install, all you see is a frozen status bar. To verify your DCOM Security options, see Microsoft's instructions at http://support.microsoft.com/?kbid=896227.

Microsoft has a new tool, the User Profile Hive Cleanup Service, that can be used to deal with problems where user profiles aren't unloading correctly, leading to Event Log 1000 in Userenv showing up in the error logs. Get the tool, and read more about it, at http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582.

Microsoft says that if you try to use the HyperTerminal applet in Windows to transfer hexadecimal data between two computers, you may have problems. If you are using a COM port connection, and the data has lots of FF hex values, it may run afoul of the Auto detect mode in HyperTerminal. Some of the FFs will end up as 7Fs. Microsoft says to turn off Auto detect mode as a workaround. See http://support.microsoft.com/?kbid=892143 for details.

If you have lots of documents in the queue of a Windows 2000 based print server, some of the text in the documents will print in the wrong font. This is a limited problem, because when Microsoft says "lots" of documents, they actually mean about 80,000. If you do have a queue of that size, Microsoft has a hotfix for you. It will be in a future service pack, but if you have 80,000 documents waiting to print, you may want to contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 884540. Note that you may get charged for this call.

Microsoft says that a technique that can be used to export a security template in both Windows 2000 and Windows Server 2003 won't work with Windows XP. According to Microsoft, because of a design decision in Windows XP, security templates are stored in the Registry, rather than in the Secedit.sdb database. (That's cool, Microsoft. The Registry never gets too big - let's use it for storage.) Microsoft has a workaround for Windows XP users at http://support.microsoft.com/?kbid=889532.

Here's a bug that mostly affects webmasters -- if you have a Windows XP Service Pack 2 computer, and you try to upload an HTML document to the validator at the W3C (World Wide Web Consortium) at http://validator.w3.org/, you may get this error message from the site
Sorry, I am unable to validate this document because its content type is text/plain, which is not currently supported by this service.
Microsoft says you will need to install MS05-014, the cumulative security update for Internet Explorer, at http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx.

Disable the Windows Firewall service on a Windows XP Service Pack 2 computer, and Microsoft says the Computer Browser service will stop five minutes later. You'll see this error in the System Log afterwards
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Description: The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

Microsoft has a hotfix for this, which will be in a future Windows XP service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 889320. Note that you may get charged for this call.

Some configurations of Windows XP Service Pack 2 computers may lose the ability to play sounds after they've woken from hibernation. This is due to a bug in the Windows Audio Class driver Portcls.sys that may cause a race condition if it gets a request from Windows before it gets back to a powered state. Turning off the computer and then restarting will bring the sound back. Microsoft has a hotfix to keep this from happening, which will be in a future Windows XP service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 892559. Note that you may be charged for this call.

Some spyware may trigger a Blue Screen of Death in Windows XP. Microsoft says the Rootkit/Spyware known as msupd5.exe Reloadmedude.exe might be to blame for causing the error message
STOP: 0x00000050 (0xeb7ff002, 0x00000000, 0x8054af32, 0x00000001) PAGE_FAULT_IN_NONPAGED_AREA nt!ExFreePoolWithTag+237
It may also trigger an Event ID 1003 in the System Log. Microsoft has two different workarounds for getting rid of this. See http://support.microsoft.com/?kbid=894278 for the details.

Here's something fixed by Windows XP Service Pack 2 that didn't come to light until recently. Microsoft says that a user without administrative rights can remotely shut down a Windows XP Service Pack 1 computer by giving the TSShutdn.exe command. Apparently, Remote Desktop didn't care about checking the remote user's rights before pulling the plug.

Microsoft says that if you have a Windows XP Service Pack 2 computer, this chain of events may prevent you from accessing your Encrypting File System (EFS) files: logging on to your computer as a local user; getting a prompt to change your password because it expired; changing your password. Microsoft says this will prevent the user profile from loading correctly, which keeps you from your files. If you change your password back, you will be able to access the files. Microsoft has a hotfix for this, which will be in a future service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 890951. Note that you may get charged for this call.

The installation of DirectX 9.0 onto a Windows XP computer may be thwarted by the presence of a file on your system. The file is %SystemRoot%\System32\Dxxpdbg\Dxxpunp.inf, and it may prevent D3dref8.dll from being installed, which will then trigger this error message
DirectX did not copy a required file
Fix this problem by deleting that .inf file. See http://support.microsoft.com/?kbid=891890 for details on how to do that.

If you use a Sysprep image to deploy Windows XP Service Pack 2, the IIS (Internet Information Service) and SMTP (Simple Mail Transfer Protocol) services may not start on the computer. This will get logged into the System log as an Event ID 116 with the message
The service metabase path '/LM/SMTPSVC/' could not be opened. The data is the error code.
Microsoft has both workaround information and hotfix information at http://support.microsoft.com/?kbid=889073.

Microsoft says that on both Windows XP Service Pack (SP) 1 and SP 2 computers, some programs may ignore the Taskbar and Start Menu option to "Keep the taskbar on top." Maximizing these applications will cover up the Task bar. Microsoft has a hotfix for this, which will be in a future service pack. If you can't wait for the fix, contact Microsoft Technical Support, and ask for the hotfix described in Knowledge Base article 884539. Note that you may get charged for this call.

Microsoft says that if you are using a Windows Media Center Extender device connected to a Windows XP Media Center 2005 computer via a wireless network, and that network has both mixed 802.11g and 802.11b hardware on it, your video playback may be rather choppy. Microsoft has a number of suggestions for working out the kinks at http://support.microsoft.com/?kbid=896030.

If you upgrade your computer to Microsoft Windows XP Media Center Edition 2005, you may cause problems with Microsoft Windows Media Player 10. That application may not start, or it may not be able to use Microsoft Windows Media Rights Manager (WMRM) files. This happens both because of a bug in the upgrade process, and because the Digital Rights Management (DRM) license migration utility does not run. Microsoft has a hotfix for this, which will be in a future Service Pack. If you can't wait for that, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 884373. Note that you may get charged for this call.

While Microsoft has fixed a security threat that can come in through the Digital Rights Management feature of Windows Media Player, they only made the fix in Windows Media Player 10. Version 9, which may be even more widespread, was not patched. There seem to be multiple stories running around on what they said and what they did. This eWeek story at http://www.eweek.com/article2/0,1759,1771220,00.asp tries to sort things out.

Microsoft says that the Connection Manager Administration Kit (CMAK) for Windows XP may not work correctly. If you use it to create a connection manager package, and you choose the option Allow anyone to use this credential, the pre-set password won't work. Microsoft has a hotfix for this, which will be in a future Windows XP service pack. If you need it right away, contact Microsoft Technical Support and ask for this fix described in Knowledge Base article 893609. Note that you may get charged for this call.

Microsoft says they won't be releasing any security bulletins for the month of March. That gives people time to catch up with all the ones released last week.

Microsoft says there is a handle leak in the Windows Security Center service of Windows XP Service Pack 2. This means that when you run a manual or scheduled antivirus scan, you may end up with additional open handles in svchost.exe. Microsoft has a hotfix for this, which will be in a future Windows XP service pack. If you need the fix right away, you can contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 892489. Note that you may get charged for this call. A workaround, of course, is to reboot your computer. That should eliminate the open handles.

If you are trying to insert a color .tif image with a Xerox WIA scanner and camera driver into a Microsoft Office XP document, it may not work. In fact, you may crash the Office application when you try it. Microsoft has a hotfix for this, which will be in a future Office XP service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the Office XP post-Service Pack 3 hotfix package of January 24, 2005, which is described in Knowledge Base article 892554. Note that you may get charged for this call.

Microsoft has an update for the Windows XP Media Center Edition 2005. This fixes a bug that sometimes leaves you with a black screen when you come back to the Media Center PC from standby mode. You can get the update at http://www.microsoft.com/downloads/details.aspx?FamilyID=b29a3b1d-a0a2-4d3f-aefb-b0aad2929ebc.

Microsoft says that when you are working in Word 2002, and going back and forth between a couple of documents that each have some different reviewers, you may end up with some problems. Some of the reviewers of one document, who have Track Changes turned on, may end up listed as reviewers of the other document. You can read how this happens at http://support.microsoft.com/?kbid=892146. Microsoft says they have fixed this in Word 2003.

If you are working in Microsoft Word 2002 and you have used Microsoft Visual Basic for Applications (VBA) for a WindowSelectionChange event, moving the insertion point in a document may cause the Styles and Formatting task pane or the Reveal Formatting task pane to flicker. Microsoft says they have fixed this in an Office XP Post-Service Pack 3 hotfix. Find out more about this at http://support.microsoft.com/?kbid=894688.

MIT

MIT Kerberos 5 is susceptible to the TELNET bug that may allow a malicious TELNET server to run code on the vulnerable TELNET clients. All versions up to krb5-1.4 are vulnerable. This is going to be fixed in the upcoming krb5-1.4.1 patch release. There is workaround information at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt.

Mozilla

The Mozilla Foundation says that if you put a bookmark to a maliciously-designed web page in a Mozilla Firefox 1.0.1 sidebar panel, it may be possible for that page to open up a privileged page, inject some Javascript and then run some damaging program. As a workaround, avoid adding sidebar panels (or bookmarking malicious pages.) To fix this, upgrade to Firefox 1.0.2 at http://www.mozilla.org/products/firefox/.

Mozilla says there is a bug in the obsolete Netscape extension 2 that may lead to a heap overrun when parsing a GIF image. That heap overrun could then be used to run hostile code on the computer. This has been fixed in Thunderbird 1.0.2 and Firefox 1.0.2, as well as the Mozilla Suite 1.7.6.

When using Mozilla Firefox 1.0 or 1.0.1, if you go to a web page and get a message
The document contains no data
the problem may actually be in your cache. Go to Tools, Options, Privacy, Cache and clear it. If that doesn't work, and you are using Peer Guardian software, turn it off. Still no data? Check the web page with another browser. If it's blank there, too, it's probably a website problem and not you.

Mozilla says that in Thunderbird 1.0 and Firefox 1.0, when converting a string from UTF-8 into Unicode, a bad guy could trigger a heap overflow, which could then be used to run hostile code. You may only be able to do this by getting the string into the converter in the first place, which may not be easy. This has been fixed in Thunderbird 1.02, Firefox 1.0.1 and the Mozilla Suite 1.7.6.

Mozilla.org says that a number of spoofing attacks that can be exploited via plug-ins, such as the Fireflashing attack, have been prevented in the latest versions of their browser. Upgrade to Firefox 1.0.1 or Mozilla Suite 1.7.6 to get the fix.

Mozilla says that in Firefox 1.0.1 and in the Mozilla Suite, if you can be tricked into dragging some object (Move the Scrollbar! Win $100!) it might be possible to bypass restrictions on opening privileged XUL. Scripts triggered when that XUL starts up run with enhanced privileges -- that means they could be an opening into a further attack on a system. This has been fixed in Firefox 1.0.2 and Mozilla Suite 1.7.6.

A drag and drop spoofing bug has been fixed in Mozilla Thunderbird 1.0.2. Previously, if you dragged and dropped an image to your desktop, it kept its same name and extension. If the file had been named with an extension such as .EXE, it would have turned into a file that would be launched, running hostile code. The user would need to click on the icon, and not notice that it is an .EXE, so there are still safeguards.

Nokia

A new cellphone virus that targets Nokia's Series 60 smartphones is on the loose. It appears to have been born in Russia, and spreads through MMS messages and maybe also through a Bluetooth connection. (The latter method needs physical proximity to work.) The smart way to use a smart cellphone, at least while these things are circulating, is not to install any applications that come via an MMS message, and also to run Bluetooth in undiscoverable mode. While the Nokia phones are mentioned, any other smart phone based on the Symbian OS may also be at risk.

Novell

Novell has an updated SuSE Linux package for MySQL for just about all supported versions of SuSE Linux. This fixes an error in the mysqlhotcopy script. It also fixes some bugs that would allow remote authenticated users to elevate their privileges via SQL injection attacks.

Novell has released the NetWare 5.1 Support Pack 8. This is supposed to be the last support pack for NetWare 5.1. If you are going to install it, and you have Dell OpenManage software running on the server, you will need to disable it by editing the autoexec.ncf file and putting a semicolon before this line
dell/omanage/omsa/dcstart""arraymgr.ncf
sys:stystem/dell/omanage/iws/bin/netware/omastart.
You can get the Support Pack at http://support.novell.com/servlet/tidfinder/2971008.

Novell has released the NetWare 5.1 Support Pack 8. This is supposed to be the last support pack for NetWare 5.1. When you install it as an upgrade over Support Pack 7, it may move the HP Hot-Plug Driver, which may adversely affect how Hot-Plug works. If you are having a problem, see the release notes to the support pack at http://support.novell.com/servlet/tidfinder/2971008.

Novell has a patch for the Novell Client v4.90 SP2 for Windows NT/2000/XP. It fixes some bugs in the LgnCxW32.dll module that may either cause delays in the LDAP contextless login, or where that login may hang. Without this patch, a LDAP Treeless Login may cause a crash. Get the fix in 49psp2_lgncx_4.exe at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970784.htm.

Novell says there is a security bug in iChain 2.2 with Support Pack 3 and earlier, and iChain 2.3 with Support Pack 2, or iChain 2.3 build 269. Users may be able to administer an iChain server without having to show any credentials. However, Novell says this can only be exploited by having physical access to the local network. While they work on a patch for this, they have some workaround information available at http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096885.htm.

Novell has two security fixes for SuSE Linux. The first is a fix for phpMyAdmin, which they say applies to all SuSE Linux products. It helps prevent cross-site scripting attacks. There is also a fix for gpg, the OpenPGP protocol. It can be fooled via timing attacks.

Novell has an update for SUSE Linux Enterprise Server 9 and the Novell Linux Desktop 9. There is a bug in libcurl, which is an HTTP/FTP retrieval library used by many other applications. A remote attacker may be able to exploit this to run their own code on the target computer. After you have installed the update, make sure to restart any service that uses libcurl.

Novell has updated their RealPlayer media player for the Novell Linux Desktop 9. This fixes two buffer overflows that would let an attacker run their own code on your computer through a malicious Synchronized Multimedia Integration Language (SMIL) file or .wav file.

Novell has released ZENworks 6.5 Support Pack 1a. Version 1a is essentially the same as Support Pack 1, only it fixes two bugs in the Imaging component. If you've already installed SP1, you don't need the full install of SP1a; you can just get the two fixed files separately at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970908.htm. If you haven't yet upgraded, however, you can get the full package at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970909.htm.

NVIDIA

NVIDIA says that if you are using one of their GeForce 6 Series graphics cards with SLI, and the 71.84 driver, you won't be able to overclock using Coolbits if SLI mode is turned on. NVIDIA says they will get this fixed in the next driver update.

If you have a Windows XP computer with an NVIDIA GeForce 6800GT/Ultra SLI, with the 71.84 driver and you have SLI enabled, you may get a crash whenever you try to play Vivendi Universal's Chronicles of Riddick. As a workaround, NVIDIA says to switch to single-GPU SLI mode.

NVIDIA says that a Windows XP computer with a GeForce 6 Series graphics card running the 71.84 driver may have "lighting issues" when you try to play Sierra Entertainment Half-Life 2. There is no fix yet.

NVIDIA has released the 71.84 driver for their GeForce series graphics cards. The new driver is compatible with the 1680 by 1050 resolution on flat panel displays, and also adds support for the GeForce 6200 with TurboCache, PureVideo, and SLI. You can get the new driver at http://www.nvidia.com/object/winxp_2k_71.84.html.

NVIDIA says that if you have a GeForce 6800/6600/6200 video card with the 71.84 driver on a Windows XP computer, there may be problems with EA Sports Tiger Woods 2005. If SLI mode is enabled, the introductory videos may not play. If you have the GeForce 6600 with SLI enabled, then you may get course corruption. There is no fix yet.

If you try to play Dreamcatcher Interactive Painkiller on a Windows XP computer with an NVIDIA GeForce 6600 graphics card and the 71.84 driver, you may end up with texture corruption in the ammo interface. If you use SLI mode, then you may also get frame skipping. There is no fix yet.

Opera

Nothing this month

Oracle

Nothing this month

RealNetworks

Two separate bugs are affecting most of RealNetworks' media players. The affected software includes Helix Player 1.x, RealOne Player v1, RealOne Player v2, RealPlayer 8, RealPlayer 10.x, and RealPlayer Enterprise 1.x. There are buffer overflows that could allow an attacker to run their own code on your computer through a malicious WAV or SMIL file. Updates to these products are available at http://service.real.com/help/faq/security/050224_player/EN/. One bug was reported by Mark Litchfield of NGS Software, and the other came in anonymously through iDEFENSE.

Red Hat

Red Hat has an updated telnet package for Red Hat Enterprise Linux 2.1, 2, and 4, as well as the Red Hat Desktop 3 and 4. This fixes the buffer overflow bug in TELNET, found by iDefense, that may allow a malicious server to run code on a TELNET client. Get the update at https://rhn.redhat.com/errata/RHSA-2005-327.html. They also have patched their Kerberos 5 package to take care of these same bugs. That update is at https://rhn.redhat.com/errata/RHSA-2005-330.html.

Red Hat has their version of the Mozilla Firefox and Thunderbird updates for use with Red Hat Enterprise Linux 4 and the Red Hat Desktop. These are the equivalent of the 1.0.2 update for both the products. The Firefox update is at https://rhn.redhat.com/errata/RHSA-2005-336.html and Thunderbird's is at https://rhn.redhat.com/errata/RHSA-2005-337.html.

Red Hat has an updated ethereal package for Red Hat Enterprise Linux 2.1, 3, and 4. This update fixes a number of security bugs that may lead to buffer overflows that can be exploited remotely. Get the update at https://rhn.redhat.com/errata/RHSA-2005-306.html.

Red Hat has an updated squid package for Red Hat Enterprise Linux 4 and the Red Hat Desktop 4. There is a bug in squid, which is a web proxy cache, that a remote attacker can exploit by sending a malicious DNS response to an FQDN lookup. Squid could crash, resulting in a denial of service attack. Get the update at https://rhn.redhat.com/errata/RHSA-2005-201.html.

Red Hat has a new RealPlayer package to fix some security bugs in the RealPlayer media player for Linux. These bugs would let an attacker run their own code on your computer through a malicious Synchronized Multimedia Integration Language (SMIL) file. Get the fix at https://rhn.redhat.com/errata/RHSA-2005-265.html.

Red Hat has released updated firefox patches for Red Hat Enterprise Linux 4 and the Red Hat Desktop 4. This package has all the fixes in the Mozilla Firefox 1.0.1 update, discussed elsewhere in the BugBlog. Red Hat users can get their version at https://rhn.redhat.com/errata/RHSA-2005-176.html.

Sun Microsystems

Sun Microsystems says that Solaris 7, 8, 9, and 10 on all platforms are susceptible to the TELNET bug originally reported by iDefense. This buffer overflow bug may allow a malicious server to run damaging code on a client. Sun says a fix will be forthcoming; check the workaround information at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1.

Sun Microsystems says that their Sun Java System Application Server has a cross-site scripting bug that may cause them to run scripts that come from remote unprivileged users. This can be done via misleading web pages or mail messages. This can happen in the Sun Java System Application Server Standard or Platform Edition 7 Update Release 5 or earlier, and the Sun Java System Application Server 7 2004Q2 Standard or Enterprise Edition Update Release 1 or earlier. You can upgrade to fixed editions at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1. Sun credits Eric Hobbs of MagnaWare for finding this bug.

Sun Microsystems says there is a bug in the BIND DNS daemon in Solaris 7, 8 and 9 that may allow a privileged remote user to trigger a denial of service attack by triggering invalid negative responses. This has been fixed in ISC BIND 8.4.2 and 8.3.7. You can get Sun's patches at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57434-1.

Sun Microsystems says there is a bug in the Kerberos 5 Administration Library for Solaris 9 and for the Solaris Enterprise Authentication Mechanism (SEAM) 1.0.1. It is a heap overflow, and may allow an authenticated user, but one who is not an administrator, to run their own code on the Kerberos Key Distribution Center (KDC) host. See http://sunsolve.sun.com/search/document.do?assetkey=1-26-57712-1 for patch information.

Sun Microsystems says there is a bug in the STSF Font Server Daemon. This may allow local unprivileged users to overwrite or delete files on your system. This could happen on Solaris 9 only. Get the patch for either SPARC or x86 at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57738-1.

Symantec

There is a potential denial of service attack that can be launched against most Symantec Norton AntiVirus (NAV) products, including Norton AntiVirus 2004, Norton Internet Security 2004 (Professional), Norton System Works 2004 (Professional), Norton AntiVirus 2005, Norton Internet Security 2005, and Norton System Works 2005 (Premier). Researchers at the Information-Technology Promotion Agency-Japan, IPA, found that if files are modified in a certain way, the NAV products may crash with a Blue Screen of Death when they are scanned with the Norton Smart Scan feature. Symantec has patched all their products, and the fixes are available via LiveUpdate. See the details at http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html.

Symantec says that a security bug may interfere with the DNS (domain name service) through DNS cache poisoning. This could affect the Symantec Enterprise Firewall 7 and 8, Symantec Gateway Security 5300 and 5400, and the Symantec VelociRaptor. This bug may cause hostnames to be resolved to bogus addresses. Symantec first released a fix on March 4, and updated it on March 14. See http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html for more details.

Symantec says that a bug in their Symantec Firewall/VPN Appliance 200/200R, Symantec Gateway Security 360/360R, Symantec Gateway Security 460/460R, and Nexland Pro800turbo may allow trusted network data to be passed over into an untrusted part of the network. This only happens if SMTP binding in load-balanced configurations is being used. Symantec has firmware updates for the devices at http://securityresponse.symantec.com/avcenter/security/Content/2005.02.28.html.

Winamp

Nothing this month

Yahoo

Nothing this month

Zone Alarm

Nothing this month