The BugBlog uses monthly archives. All the July bugs will be on this page. Use the links on the left or below to jump back to past months.

The BugBlog is free, but if you want to help support its existence, please make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5.

Read the special report on bugs, incompatibilities and other problems in entertainment software and hardware.

7/30/2004 Extra -- Critical Patch for Internet Explorer

Microsoft has released a critical update for Microsoft Internet Explorer, running on Windows NT/2000/XP/Server 2003. Its release on a Friday afternoon, instead of on their normal second Tuesday of the month, probably means there are some nasty exploits fixed in this cumulative update. They do say, however, that while this is a cumulative update that replaces MS04-004, it does not include any of the hotfixes released since MS04-004, which was originally released in February. Install the new patch, and you remove all those hotfixes. Because of that, they also have an update rollup at http://support.microsoft.com/?kbid=871260 that includes the hotfixes, plus all these new fixes. I'm sure Microsoft has a reason to approach this in such a complicated way. (Like maybe they secretly want us to all switch to Mozilla, so they won't have to support IE any more!) In any event, full information is at http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx.

7/30/2004 Windows XP and IMAPI CDs

Microsoft says that some third-party Image Mastering API (IMAPI) CD-burning software may create CDs or DVDs that Windows XP has trouble reading. Although the disks have data, when you insert them into the drive Windows XP treats them like a blank disk. Judging by the keywords in the Microsoft Knowledge Base, this is one of the bugs that will be fixed in Windows XP Service Pack 2. (Since SP2 is still pre-release, things may change at the last moment.)

7/29/2004 Two More Certificate Bugs in Mozilla

Mozilla.org says there are two more bugs in the way that Mozilla and Firefox handle security certificates. One bug spoofs the way the lock icon appears in the browser's status bar. This could make it appear that you are dealing with a secure site, when you really aren't. Thus it can be a tool in a "phishing" exploit. (However, there could be other clues that could tip you off that something is wrong, such as the URL showing the actual malicious site.) The second bug could be used to cause error messages any time you go to a secure site, but could not be used in a "phishing" expedition. Mozilla.org has developed fixes, but hasn't yet decided how to distribute them. You can follow along with the developers' discussion on fixing this at http://bugzilla.mozilla.org/show_bug.cgi?id=253121.

7/28/2004 Update Flash to Get Updated Help

Macromedia says that all further updates to the Help system in Flash will be in the new Flash 7.2. If you don't upgrade from Flash MX 2004 or Flash MX Professional, you won't be able to get any Help updates.

7/27/2004 MyDoom Is Affecting Emails and Search Engines

The MyDoom mass-mailing worm has come back in a big way. The latest variation will send emails to any addresses found on an infected computer. (Here at the BugBlog, four incoming infected emails were intercepted by Norton AntiVirus yesterday.) It also manages to tie up search engines such as Google, Yahoo, Lycos, and AltaVista with queries. If you are already infected, you can get a removal tool from Symantec at http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html, or from McAfee at http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=127033. Needless to say, make sure your AV signatures are up-to-date.

7/26/2004 ClearType Gets Blurry

While Microsoft ClearType for Microsoft Word 2003 Reading Layout mode is supposed to give you a better display of text on LCD monitors, it may also give you a more blurry view on some CRT monitors. (Microsoft doesn't specify which types, but I would guess they are the older ones.) If it seems to be giving you a blurry display, you can turn it off. However, you need to do that via a Registry edit; there is no simple Word Preference that can turn it on or off. To see how, go to http://support.microsoft.com/?kbid=822509.

7/24/2004 Change Tracking Gets Lost in Word 2003

If you are using the Track Changes feature in Microsoft Word 2003, and you turned it on by using the Tools, Protect document command, it may turn off if you use another Word 2003 feature. Microsoft says that clicking Insert voice on the Reviewing toolbar, and then inserting a voice command, may turn off Track Changes. The only workaround may be to go back and turn Track Changes off, and then turn it back on. For details, see http://support.microsoft.com/?kbid=820588.

7/23/2004 Don't Mix and Match iPod Software, Hardware

Not all iPod software goes with all iPod hardware. According to Apple, the iPod software 3.0, released on 7/15/2004, is for iPods that have a Click Wheel. However, iPod 3.0 software won't work with the original scroll wheel iPod, the touch wheel iPods, or the iPod mini. And you shouldn't mix the older iPod 1.1 or 2.2 software with the Click Wheel iPods.


7/22/2004 Cisco ONS Edge Optical Transport Platform Loses Its Edge

Cisco says that their Cisco ONS 15327 Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiplexer Platform, and the Cisco ONS 15600 Multiservice Switching Platform are all susceptible to maliciously designed IP packets. Receiving these packets may cause the control cards to reset, which could be used to mount a denial of service attack. Cisco does point out that these components are often isolated from the Internet, which lessens their vulnerability. However, fixed versions of the software and workaround information are all available at

7/21/2004 A Bugfix Release for OpenOffice

OpenOffice 1.1.2 is available for downloading for free, of course, from the OpenOffice.org website. The final release is identical to the 1.1.2 Release Candidate 3. An extensive list of the bugs fixed in this release is at http://download.openoffice.org/1.1.2/release_notes_1.1.2.html. In most cases, the fixes are minor or limited to a particular platform.

7/20/2004 A New Phishing Attack That Works on IE and Firefox

A British researcher, with a website named zapthedingbat.com, demonstrated a new cross-site scripting technique that may allow more phishing attacks. In this case, script from the attacker is injected onto a web page belonging to an online bank or other site where sensitive information can be discovered. This attack appears to work with both Internet Explorer with Windows XP Service Pack 2 (Release Candidate 2) installed, as well as Mozilla Firefox 0.9.1. You can read more about this at eWeek at http://www.eweek.com/article2/0,1759,1624771,00.asp.

7/19/2004 Latest Version of Bagle Mounts Bigger Attack

The latest reincarnation of the Bagle or Beagle virus has been turning up with greater frequency starting around 7/16 or so. It comes in via an email attachment, and then attempts to turn off security software processes such as firewalls and antivirus programs. It then harvests email addresses and then contacts a number of compromised web servers in Germany. (According to one story, this list of web servers is up to 141.) After the virus infects your computer, it will email a copy of itself to all the email addresses it can find on your hard drive. You can read Symantec's summary at http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ab@mm.html.

7/18/2004 Mac OS X 10.3.4 Handles Long URLs in Mail

Apple says that the Mac OS X 10.3.4 update fixes a problem that the Mail reader has with long URLs in emails. As most people know, a URL that wraps to a second or third line may not work when clicked. Instead, the URL gets chopped at the line break. However, Apple says that this has been fixed in 10.3.4.

7/17/2004 Dreamweaver Markup Tool Gets Marked Down

Dreamweaver MX 2004 has a handy Validate Markup tool that looks for invalid XHTML code on a web page. Unfortunately, it misses a number of items, such as missing DTDs, ALTs, and image height or width attributes. Macromedia says this happens in both Dreamweaver MX 2004 7.0 and 7.0.1.

7/16/2004 Already a Patch for one of Microsoft's July Security Patches

There is already a hotfix for the security patch released with Microsoft's MS04-024 bulletin, released on 7/13/04. This patch, which is officially labelled Security Update 839645, may trigger sharing violations on network shares, may increase network traffic, and may give confused ToolTips. If you installed the new security patch and started to get these problems, you may want to contact Microsoft Technical Support and ask for the hotfix, which is described in Knowledge Base article 871242. Note that they may charge you for this call.


7/15/2004 Worm Tries to Hide By Sleeping

Anti-virus companies are saying that one of the latest mass-mailing worms, called Atak, tries to sleep if it thinks anti-virus software is looking for it. There are some quotes at ZD Net at http://zdnet.com.com/2100-1105-5267258.html, and Symantec's analysis is at http://securityresponse.symantec.com/avcenter/venc/data/w32.atak@mm.html, but it doesn't appear they have gotten the whole story on this worm yet.

7/14/2004 Bug Tracking Software Has Its Own Bugs

There are a number of security bugs in Bugzilla, the bug tracking software developed by Mozilla.org. In Bugzilla 2.16, there is an SQL injection bug, plus some problems of insufficient data validation, and problems of unprivileged access to names of restricted products. These bugs have all been fixed in Bugzilla 2.16.6. Get the update plus details at http://www.bugzilla.org/security/2.16.5/.

7/13/2004 Part B: Seven Microsoft Security Updates Released

Two Critical updates (one for NT/2000/XP and one for 98/ME/2000/XP/Server 2003), four Important updates, and one Moderate one. The full writeups will be in the BugBlog Plus this afternoon. You can find out more from Microsoft at http://www.microsoft.com/security/bulletins/200407_windows.mspx.

7/13/2004 Registry Error Trips Up MS Small Business Server Update

If you try to install Microsoft Small Business Server (SBS) 2000 Service Pack 1 on a SBS computer for the first time, you may see this error message:
Service Pack 1 can only be installed on Small Business Server 2000.
According to Microsoft, a bad value may have been recorded in your Registry at HKEY_LOCAL_MACHINE\Software\Microsoft\BackOffice that prevents the installation of the service pack. You can edit the Registry to fix this, but it is important to read the procedures and safeguards involved at http://support.microsoft.com/?kbid=839502.

7/12/2004 Microsoft Word, MSN Messenger and Shell: Attacks

Security researcher Jesse Ruderman reports that Microsoft Word and MSN Messenger are both susceptible to the security weakness in the Windows "shell:" functionality. A carefully constructed link in a Word document or MSN message may trigger an attack. (This weakness is similar to the one in Mozilla reported July 8 and patched July 9.) As of yet, there seems to be no report or fix from Microsoft, although something may be released soon. A limited report is available at the Secunia web site at http://secunia.com/advisories/12042/. As a workaround, be very hesitant about following links in either Microsoft Word or MSN Messenger.

7/10/2004 Lotus Notes 6 May Allow Attack

There is a bug in Lotus Notes 6.0.x and Notes 6.5.x that may allow attackers to remotely execute code on a Notes workstation. The bug was discovered by Jouko Pynnonen, in association with iDEFENSE, and their full report is at http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities. This bug has been patched in Notes 6.0.4 and in 6.5.2. There are also workarounds to prevent it if firewalls are used to prevent Internet sharing.


7/9/2004 Fast Fix for Mozilla Flaw

A security flaw that affects all browsers on the Windows operating system was announced on July 7. A bug in the shell: external protocol handler may allow attackers to use this as a way to run their own code on the system. Within 24 hours, the Mozilla Foundation at Mozilla.org released fixes for Mozilla 1.7, Firefox 0.91, and Thunderbird 0.7. Users of these programs should go to http://www.mozilla.org/security/shell.html and either download a patch that will make a configuration change to protect their system, or download full program updates (Mozilla 1.7.1, Firefox 0.9.2, Thunderbird 0.7.2) that also fix this bug.

7/8/2004 Lovgate Virus Picking Up Steam

The Lovgate virus/mass-mailing worm is getting more attention from anti-virus researchers, who are seeing more instances of it. While the worm, which targets Windows computers, doesn't destroy your data, it does tend to copy itself into .exe files that it finds, which means those files, which may be your word processing applications, spreadsheets, games, etc., won't work any more. You can see more from Symantec at http://securityresponse.symantec.com/avcenter/venc/data/w32.lovgate.ab@mm.html or from McAfee at http://vil.nai.com/vil/content/v_126568.htm.

7/7/2004 Terminal Server Interferes with MS Office Clipboard

Microsoft says that if you connect to a Windows Server 2003 server that is running either Terminal Server or Remote Desktop for Administration, you may lose the ability to copy and paste items in Microsoft Office 2003. While you can copy to the clipboard, you may not be able to paste, and you will see this error message:
Cannot empty clipboard.
Microsoft has a hotfix for this, which will be in a future Windows Server 2003 service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 840872. Note that you may be charged for this call.

7/6/2004 Adobe 5 Plug-In Fix

Adobe has an Acrobat 5.0.10 plug-in update that fixes a bug that may allow malicious code to be run from a PDF document. This fix is for the full Acrobat program. Adobe says the flaw is theoretical at this time; there haven't been any confirmed exploits. There is no fix for the Acrobat 5 reader. Instead, Adobe says users should do the free update to Adobe Reader 6, which doesn't have the bug.

7/5/2004 How to Exorcise an iDisk Ghost

Apple says that you may have problems disconnecting an iDisk properly. A "ghost" iDisk (that's their term) may stay with the computer, even after removing the iDisk and rebooting the computer. Here's what you need to do to exorcise (that's their term again) the ghost: Restart the computer, but don't access the iDisk; at the Go menu, choose Go to Folder; when a window appears, type /Volumes/ and click Go. When a new window appears, look for any volumes with the generic names username, username-1, etc. Get rid of them by dragging them to the Trash icon, and then Empty Trash. It may help to chant "The power of Steve Jobs commands you" while doing all this, but it is not necessary.


7/3/2004 Cisco Collaboration Server Allows Too Much Collaboration

Cisco says that versions of their Cisco Collaboration Server (CCS) before 5.0 have a ServletExec with a security bug. Unauthorized users may be able to upload files and get other administrative privileges using this flaw. There is an automated script at http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml that will patch this.

7/2/2004 Sending Email in Microsoft Outlook May Corrupt Registry

Sending emails in Microsoft Outlook 2003 may end up corrupting your Registry. It can happen in this way: Right click on something, select Send To, and select Mail Recipient (this assumes, I guess, that Outlook is your default email application, but they don't specify this); wait at least 24 hours; send a second email message in the same way. After doing this, when you open Outlook 2003 or the Outlook 2003 Add-In Manager, you may see this error message:
Error in registry for extension "Exchange Extensions;?".
The syntax or format of the registry entry is incorrect. Check the registry settings and compare the registry for this extension to other extensions in the registry.

Microsoft has fixed this in the Outlook 2003 hotfix package of 3/2/2004. However, to get that hotfix, you either need to wait for the next service pack, or contact Microsoft Technical Support and ask for that hotfix. Note that you may get charged for this call.

7/1/2004 Unreal really has a bug

A bug in the Unreal Engine may allow buffer overflows and attacks on servers. The Unreal Engine is used in the following games, which may be affected: DeusEx (build 1.112fm and earlier); Devastation (build 390 and earlier); Mobile Forces (build 20000 and earlier); Nerf Arena Blast (build 1.2 and earlier); Postal 2 (build 1337 and earlier); Rune (build 107 and earlier); Tactical Ops (build 3.4.0 and earlier); TNN Pro Hunter; Unreal 1 (build 226f and earlier); Unreal II XMP (build 7710 and earlier); Unreal Tournament (build 451b and earlier); Unreal Tournament 2003 (build 2225 and earlier); Unreal Tournament 2004 (before build 3236); Wheel of Time (build 333b and earlier); X-com Enforcer. According to security researchers Secunia, this bug has been fixed in Unreal Tournament 2004 (build 3236 and later). They give credit to Luigi Auriemma for finding this bug. See http://secunia.com/advisories/11900/ for the details.

6/30/2004 Adobe Tightens Acrobat Security

Adobe has an update for both their full Acrobat program and the Acrobat Reader. The Acrobat 6.0.2 update includes a "Security update to further restrict malicious code execution," although they are not forthcoming about the details. (The real bad guys probably already know how to break in to a PDF, but they don't want the script kiddies to know, too.) The Windows and Mac versions of both are at http://www.adobe.com/support/downloads/main.html.

6/30/2004 US CERT Suggests Different Browsers

It's not just the BugBlog saying you should use Mozilla instead of Microsoft Internet Explorer. Now, US-CERT suggests you may want to use a different web browser, too. (They don't specify Mozilla.) As they say at http://www.kb.cert.org/vuls/id/323070, "There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser." Of course, it won't give you total security (IE is deeply embedded in Windows systems) and some sites function correctly only with IE. (Microsoft has an excuse, of course, but what about all you other sites? You need to test for cross-browser compatibility.)

