BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02


View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily


Working with Words


Sardonic Views

Filtering Craig

Hotel Bruce


Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.


What I'm Reading

Macromedia ColdFusion MX Web Application Construction Kit
(so I have a dull life!)


The BugBlog uses monthly archives. All the March bugs will be on this page. Use the links on the left or below to jump back to past months.

The BugBlog is free- but if you want to help support its existence, please make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5. XML

Read the special report on bugs, incompatibilities and other problems in entertainment software and hardware.

3/31/2004 Better Connections With a Palm Tungsten C

If you aren't happy with the Wi-Fi connectivity of your Palm Tungsten C, you should get Update 2.0. It fixes a problem that was causing you to lose your Wi-Fi signal either because of an invalid DHCP request or due to a premature connection timeout. It also fixes a bug that was causing roaming problems where you were in a campus environment with multiple access points. Get the update at http://www.palmone.com/us/support/downloads/tungstenc/tungstenc_update_20.html.

3/30/2004 Windows XP Hotfix May Be Needed to Fix Earlier Hotfix Problems

If you install the Microsoft Windows XP hotfix that is described in Knowledge Base Article 818078, it deletes three values in the Registry key HKEY_CURRENT_USER\Volatile Environment. These are HOMEDRIVE, HOMEPATH and HOMESHARE. If some other third-party application needs these Registry values, they will then have problems. Microsoft has a new hotfix that will fix the problems caused by the earlier hotfix. If you need it, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 824898. Note that you may get charged for this call.

3/29/2004 Bad Guys Targeting Cisco

Code that shows how to exploit previously announced (and patched) vulnerabilities in a number of Cisco products has been released and is now circulating around the bad-guy community. If you rely on Cisco products such as Cisco IOS Router, Cisco IOS, Cisco Catalyst SSH, Cisco 675 Web Administration, Cisco Catalyst 3500 XL, or Cisco 514, should get over to http://www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml and make sure you are current on all the patches and fixes.

3/27/2004 Too Much Encryption Gives Outlook a Problem

Microsoft says that if you use Outlook 2002 to send an encrypted message to 200 or more recipients, when it gets to the 200th it may give this error message
Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities: e-mail recipient
Microsoft says there will be no problems with the first 199. There will also be no problems if you upgrade to Office XP Service Pack 3.

3/25/2004 Fan Your Apple PowerMac

Apple has an update for the Fan Control system on the PowerMac G5, running Mac OS X 10.2.7 or 10.2.8. If you think you need improved fan performance, get the 1 MB update (all that for a fan!).

3/24/2004 CorelDRAW Copy and Paste Problems

If you are having problems copying and pasting from CorelDRAW 11 to Corel PHOTO-PAINT, then get CorelDRAW 11 Service Pack 2. According to Corel, the service pack fixes this.

3/23/2004 Safari Gets Lost on HotMail Attachments

Apple says that you may not be able to use their Safari 1.0 browser on a Mac OS X 10.2 or later computer to download an attachment from your Microsoft Hotmail account. Instead, you will be asked to log on again. For now, Apple says to use Microsoft Internet Explorer if you need to get attachments from Hotmail.

3/22/2004 Too Much Security Hinders Microsoft Outlook 2002

If you are using a Post Office Protocol 3 (POP3) email account with Microsoft Outlook 2002, and the mail server uses both Secure Sockets Layer (SSL) security and Secure Password Authentication (SPA), Outlook may give you an error message. The message won't be that there are too many acronyms; instead it may be one of these errors:
0x8004210A, 0x800CCC0B, 0x8004210B
Microsoft says they have fixed this in Office XP Service Pack 3.

3/21/2004 Security Hole in Norton Internet Security

Symantec Norton Internet Security uses an ActiveX component that is marked safe for scripting. However, the security research group NGSSoftware has found that outsiders may be able to launch an attack that would use this component to run their own commands on the computer. NGSSoftware says that Symantec quickly patched Norton Internet Security and that the fix is available through Symantec' s Live Update feature.

3/20/2004 BlackICE May Forget Its Settings

If you are updating to ISS BlackICE PC Protection Release 3.6.ccg, and you are making the jump from BlackICE 2.9, none of your preferences in the BlackICE Attacks and Intruders windows are saved. The only workaround, according to ISS, is to write down your settings before upgrading, and then enter them again. You can find the new version at http://blackice.iss.net/update_center/index.php.

3/19/2004 ATI Updates Catalyst Suite to 4.3

ATI has updated their CATALYST software suite. The new version 4.3 includes these updated components: RADEON™ display driver 7.991; Multimedia Center 8.9; HydraVision 3.25.0006; HydraVision Basic Edition 3.25.9006; Remote Wonder 2.3; WDM version 3.11. This update is for Windows XP, 2000, and ME. If you are still using Windows 98, ATI says you should use the ME driver. Detailed information about what gets fixed is in the BugBlog Plus.

3/18/2004 ColdFusion MX and JRun 4.0 Slip on SOAP

Macromedia says that people running ColdFusion MX and Jrun 4.0 Web Services may get hit by a denial of service attack through a specially constructed SOAP request. If you run this software, and you have web services available publicly, or that may be accessed by an attacker, you need to go to http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html to get the fix.

By the way, what PC Magazine columnist John Dvorak complains about in his 3/15/04 column, he could have learned about in the BugBlog Pluson 1/23/04. That's not to say we always stay three months ahead of PC Magazine.....

3/17/2004 Mac OS X 10.3.3 Fixes Classic Font Problem

Apple says that when you are using Mac OS X 10.3.2, and you disable some of the Classic Mac OS fonts, it may cause either the Address Book or some other applications to crash. This has been fixed in the Mac OS X 10.3.3 update.

There's more on the Mac OS X 10.3.3 update, as well as continuing coverage on the bugs fixed by Microsoft Office XP Service Pack 3, in the BugBlog Plus.

3/16/2004 Cisco Upgrades IOS, and Apple Upgrades iDVD

For detailed information on what's new and what's fixed in Cisco IOS 12.3T, go to http://www.cisco.com/warp/public/732/releases/release123/123t/. There's a Flash demo, and a couple of hundred PDF pages with all the details.

Apple has upgraded iDVD to 4.0.1. They "highly recommend" the upgrade for improved reliability. However, they do not detail exactly what bugs get squished to achieve that reliability. You can find it at http://docs.info.apple.com/article.html?artnum=120326.

3/16/2004 Bugs on the Keyboard, Not In the Keyboard

Here's a slightly different bug report. This story on the BBC looks at a study by some University of Arizona microbiologists. They say that workstation surfaces, such as keyboards and phones, have 400 times as many microbes as lavatories. One choice quote "Desks are really bacteria cafeterias." Read the whole thing at http://news.bbc.co.uk/1/hi/health/3505414.stm.

3/15/2004 Macromedia Patches Their Mac OS X Installation Procedure

Macromedia has released a hotfix for the Macintosh versions of their software. This fixes a bug in the installation that continually prompts for the serial number. This happens if the person installing the software doesn't have administrator-level permissions. You can get the hotfix at http://www.macromedia.com/support/service/ts/documents/activation_loop.htm?

3/13/2004 Catch Up To These MS Word 2002 Fixes With Office XP Service Pack 3

Microsoft Office XP Service Pack 3 includes all of these previously released hotfixes for Word 2002 (listed by their Knowledge Base explanation and release date): 823329 7/3/03; 823957 7/18/03; 823961 7/27/03; 823962 7/28/03; 823972 8/9/03; 825814 8/15/03; 827138 8/21/03; 827971 9/12/03; 827973 9/12/03; 827980 9/19/03; 827986 9/25/03; 829342 10/7/03. It also includes all of the fixes in Office XP Service Packs 1 and 2.

3/12/2004 What Gets Fixed and What Gets Broken in Microsoft Office XP Service Pack 3

Microsoft has released Office XP Service Pack 3. You can find information on downloading and installing the service pack at http://support.microsoft.com/?kbid=832671. There are a number of different ways of doing it. Most of them will be time-consuming unless you have a broadband connection. The BugBlog Plus will have detailed coverage over the next couple of days of what gets fixed and what gets broken by the service pack.

3/11/2004 Display Setting May Stop Adobe Creative Suite Licensing

You may have trouble accepting or denying the Software License Agreement when installing Adobe Creative Suite on a Windows 2000/XP computer. If you have set the Display Properties, Font Size to something other than Normal, or the video driver display DPI isn't set to Normal, when you hover over the buttons, you will see an I-beam rather than an arrow. The simplest fix, according to Adobe, is to make sure the Accept button is active, and press the Enter key.

3/10/2004 Outlook 2002 Needs Patched

Microsoft has patched another security hole in Microsoft Outlook. This one affects people who use either the version of Outlook in Microsoft Office XP, or in the standalone Outlook 2002. The bug allows an attacker to use a specially designed mailto: URL to get a script to run within the Local Zone. Patches for the two vulnerable versions of Outlook are at http://www.microsoft.com/technet/security/bulletin/ms04-009.mspx. Microsoft originally thought this would only happen in the Outlook Today view.

3/9/2004 Buffer Overflow in Acrobat Reader 5.1

The security research firm NGSSoftware has posted a bulletin highlighting a security bug in the Adobe Acrobat Reader version 5.1. The XML Forms Data Format (XFDF) extension has a flaw that may allow a buffer overflow, which may allow an attacker access to your computer. This has been fixed in the latest version of the Acrobat Reader, 6.0, which is available at http://www.adobe.com/products/acrobat/readstep2.html.

3/8/2004 Cisco Switch Vulnerable to Bad Packets

Cisco says their CSS 11000 Series Content Services Switches are vulnerable to a denial of service attack via malformed UDP packets that come over the management port of the switch. The affected models are the CSS 11050, CSS 11100, CSS 11150, and CSS 11800. To fix this, you need a software patch. You can get it from

3/6/2004 Outlook 2003 is Pretty Bad About PGP

If you upgrade from Microsoft Outlook 2002 to Outlook 2003, and you have the PGP email encryption program installed on the computer, you probably won't be able to start Outlook 2003. Instead, you may get this error message:
"Can't open this item out of memory or system resources."
and Outlook won't be able to connect to Microsoft Exchange Server. The only workaround Microsoft gives is to remove the PGP program via the Control Panel's Add/Remove Program icon.

3/5/2004 WordPerfect 2002 Service Pack 4 Isn't Cumulative

Corel has issued Service Pack 4 for WordPerfect Office 2002. Before installing it, note that it is not a cumulative service pack and doesn't contain earlier bug fixes. Make sure you have installed Service Pack 3 before getting the latest one. You should also shut down PrintServer100.exe and CorelCENTRAL alarms before installing the service pack.

Coverage of the individual bug fixes in the service pack continues in the BugBlog Plus.

3/4/2004 Microsoft Money isn't Bilingual

If you are using a U.S. version of Microsoft Money 2002, 2003, or 2004 on a Windows computer whose default system locale is not set to English (United States), you probably won't be able to start Money. Instead, it will crash at startup with this error message:
Microsoft Money encountered an error and needs to close.
Error signature:AppVer: ModName: mnyob99.dll ModVer:
Offset: 0016e58a

Microsoft says you will need to go to the Contro Panels Regional and Language Optons, go to the Language Advanced tab, and select English (United States).

3/3/2004 Novell Fixes up NetMail

Novell has upgraded NetMail 3.10. The new version 3.10G now handles the anti-virus configuration correctly. If you set the configuration not to notify the sender of the virus, this configuration will be honored. Get the update at http://support.novell.com/servlet/tidfinder/2968336. (Editorial: If you have the ability NOT to notify the sender, you should use it. Why? Because the virus or worm is probably using a spoofed return address anyway, so the notification won't be going to the right place. All you are doing is cluttering up the wrong person's inbox.)

3/2/2004 Microsoft Fixes an Earlier Internet Explorer Hotfix

Microsoft has released a hotfix to fix a bug in a previous hotfix. The first, flawed hotfix was the Q323734 hotfix for Internet Explorer, which was needed to fix problems in Iedkcs32.dll. But after installing that hotfix, IE 6 may crash intermittently. Also if you follow a link in Microsoft Outlook that opens a file in Microsoft Windows Media Player, you may also get a crash. To get the second hotfix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 822755. Note that you may get charged for this call. Otherwise, wait for the next Internet Explorer service pack.

3/1/2004 Buffer Overflow Zaps WinZip

The security firm iDefense has found a buffer overflow in the archiving program WinZip. An attacker can send an archive that has a specially constructed MIME archive, with a file extension of .mim, .uue, .uu, .b64, .bhx, .hqx and .xxe extensions, that crashes WinZip and allows the attacker to run their own code. This has been fixed in WinZip 9, which you can get at http://www.winzip.com/. iDefense also suggests a workaround where the MIM file extension is no longer associated with WinZip. This is done via Windows Explorer's Tools, Folder Options, File Types dialog. You can find more information from iDefense at http://www.idefense.com/application/poi/display?id=76&type=vulnerabilities.

2/29/2004 ISS BlackICE and RealSecure aren't Really Secure

Internet Security Systems (ISS) RealSecure and BlackICE servers have a bug that leads to a heap overflow when processing of Server Message Block (SMB) packets.This may allow attackers to run circumvent security and run their own code on the servers. You can read the details at eEye Digital Security at http://www.eeye.com/html/Research/Advisories/AD20040226.html. They credit Barnaby Jack for finding the bug. You can get patches from ISS to fix this bug at http://www.iss.net/download/.

2/28/04 TurboTax Can't Create Necessary Files

When installing Intuit TurboTax 2003, you may see this error message
"Error Creating Necessary Version Files"
If you do, you need to download this fix,
http://sharedld.intuit.com/pub/turbotax/2003/ErrorCreatingVersionFiles.exe, and put it in your TurboTax install directory. Then run that program, and leave the window open, following the prompts that appear. At the end of the installation, do not select the option "I would like to launch TurboTax now." Intuit says this repair program still needs time to work -- wait till the window opened by the fix program closes.


| June 05 | May 05 | Apr 05 | Mar 05 | Feb 05 | Jan 05 | Dec 04 | Nov 04 | Oct 04 | Sept 04 | Aug | July 04| June 04 | May 04 | April 04 | Mar 04 | Feb 04| Jan 04 | Dec 03 | Nov 03 | Oct 03 | Sept 03 | August 03 | July 03 | June 03 | May 03 | April 03 | March 03 | February 03 | January 03 | December 02 | November 02