BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02


View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily


Working with Words


Sardonic Views

Filtering Craig

Hotel Bruce


Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.


What I'm Reading

The Baroque Cycle, by Neal Stephenson

Macromedia ColdFusion MX Web Application Construction Kit


Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. XML The BugBlog uses monthly archives. All the current October bugs will be on this page. Use the links on the left or below to jump back to past months.

Read the Special Report on bugs, fixes, and incompatibilities in Windows XP Service Pack 2

10/29/2004 QuickTime Fix is Extended

Apple says that a bug that may allow BMP images to trigger a buffer overflow in QuickTime has been fixed in more versions of QuickTime. This was originally fixed on Mac OS X platforms in Apple's 2004-09-30 update. Now in the 2004-10-27 update, the fix has been extended so that it covers Mac OS X v10.3.x, Mac OS X Server v10.3.x, Mac OS X v10.2.8, Mac OS X Server v10.2.8, Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows ME and Microsoft Windows 98.

10/28/2004 Skin Blemish in RealOne Player

There is a bug in the way that RealNetworks RealPlayer 10.5 (release and earlier), RealPlayer 10, and RealOne Player 1 and 2 handle skins files, which are the decorative eye candy that changes the look of the software. It is possible for a website to send a skin file automatically in an .rjs file. If filenames in this file are too long, a buffer overflow may occur that will allow an attacker to run their own programs on a target computer. This won't happen on skins files downloaded from the RealNetworks sites. You can use the RealPlayer Tools, Check for updates command to get a patch for this. While RealNetworks doesn't say anything, it appears that eEye Digital Security discovered this bug. You can read their bulletin at http://www.eeye.com/html/research/advisories/AD20041027.html.

10/27/2004 A Microsoft Fix Breaks Some Music Software

After you install the MS04-032 security patch from Microsoft onto a Windows XP, XP Service Pack 1, Windows 2000 SP3, or SP 4 computer, you may break music software that includes the OpenMG Secure Module. This may include the following music software packages, which may lock up or otherwise work incorrectly: SonicStage; SonicStage Premium; OpenMG Jukebox; VAIO Media; VAIO Media Integrated Server; VAIO Media Music Server; Do VAIO; VAIO Zone; SonicStage Simple Burner; Net MD Simple Burner; MD Simple Burner; music move; MAGIQLIP; MAGIQLIP2; MUSIC PLAYER; BeatJam; BeatJam Music Server; BeatJam Network Player; MemoryCruise; Mulia; StageMaster; INTERJUKE; Sony Pictures Screenblast ACID. You can fix this by applying another Microsoft update on top of the security update. Get this one at http://support.microsoft.com/?kbid=887811 or download directly at http://www.microsoft.com/downloads/details.aspx?familyid=bf04aca3-7c7c-428b-9e59-72057a21021e.

10/26/2004 Opener Can Open Up Mac OS

Mac OS X users now have to start worrying about a virus/trojan attack. It has been called "Opener" and it may shut off the built-in firewall, create a back door on the computer that gives the attacker access to the system, and then it harvests any passwords that are on the system. It appears that "Opener" needs to piggyback into a system through some other vulnerability, and so far is not wide-spread. There's an extended discussion at http://www.macintouch.com/opener.html. According to a story on C Net, Symantec Norton AntiVirus for Mac OS X has been updated to look for it.

10/25/2004 ATI Corrupts Doom 3

If you are playing iD Software's Doom 3 on a Windows XP computer with an ATI Radeon X800 XT graphics card installed, you may get game corruption when playing with low or medium quality settings, and you may get an image that's too dark when you play in high quality mode settings. Also, if you disable the object buffers within the game, you may cause the game to lock up. These have been fixed with the latest update from ATI, the Catalyst 4.10 driver update.

10/23/2004 Updates After XP SP 2 May Cause a Crash

Microsoft says that after installing Windows XP Service Pack 2, you may lock up your computer if you try installing any of these other updates from Microsoft (as noted by their Knowledge Base number): 307154; 842520; 842933; 870997; 883507; 883523; 884020; 884575; 884851; 884868; 885523; 885626; 824838; 883517; 885267; 883529. You may also run into this problem when you install certain filter drivers, such as the Ibmfilter.sys driver. If this crash happens to you, Microsoft says to restart the computer, and then use Add/Remove Programs to remove the update you just installed that caused the crash. Then go to http://support.microsoft.com/?kbid=885894 and download the additional update and install that.

10/22/2004 Windows XP SP2 Security Flaw Via Internet Explorer

There is a bug in the Local Security Zone of Microsoft Internet Explorer 6 running on a Windows XP Service Pack 2 system. The malware.com web site, run by someone with the nom-de-hack of http-equiv, posted news where someone could use the HTML Help control to help bypass the security in the Local Zone. Matched with another bug, which uses drag-and-drop to get hostile code onto a computer, may allow an attack on a Windows XP SP 2 computer. To actually pull off the attack, a victim would need to copy content, possibly disguised as an audio or video file, from a web site. Other experts say the fix for this should be relatively easy. See eWeek at http://www.eweek.com/article2/0,1759,1681218,00.asp for details.

10/21/2004 New SuSE Kernel

SuSE has an updated kernal for SuSE Linux 9.1 and Enterprise Server 9. It fixes a bug that may allow a remote attacker to crash the server via a handcrafted IP packet, if the server's firewall was enabled. It also fixes a bug that may allow a local user to elevate their privileges. Find out more about the update at http://www.suse.de/de/security/2004_37_kernel.html.

10/20/2004 Zip is Open for McAfee

McAfee Antivirus is susceptible to a bug that affects a number of antivirus vendors. The problem, discovered by the security researchers at iDefense, comes from the way that .zip file headers are parsed, and may allow a virus to come in via a .zip file. McAfee points out that the virus would still be caught if it attempted to activate itself, so the flaw is only in the outer line of defense, and is not a total breech. In any case, home users can get an update at http://download.mcafee.com/uk/updates/updates.asp and enterprise users at http://www.mcafeesecurity.com/uk/downloads/updates/dat.asp?id=1.

10/19/2004 WordPerfect Fixes Some Mail Merge Problems

If you are using Corel WordPerfect 12 to do a mail merge, and you are using an ODBC data source, you may run into what Corel describes as "instabilities". That sounds like another word for bugs. These bugs/instabilities have been fixed in WordPerfect Office 12 Service Pack 1.

10/18/2004 MS Office Assistant Characters Missing

Mixing Office 2000/XP and Office 2003 on a computer may mean that your Office Assistant characters turn up missing. (Of course, some of us think this is a Good Thing.) It may happen if you start an Office 2000 or XP program first, and the Office Assistant is active in that program. After that, you start, stop and start an Office XP program, which may result in an error message
There are no Office Assistant character files present on the system. Please run Setup in maintenance mode and install at least one character.
For now, the only workaround is to not do this.

10/17/2004 iSync Loses Some iCal Data

Apple says that if you use iSync to to transfer an iCal calendar to an iPod, the transfer (should we call that an iTransfer?) may not be complete. The last day of a recurring event in iCal may not get sent to the iPod. For now, Apple has this workaround: go to the iPod's Calendar folder (while in iPod's Disk Mode) and delete the calendar; export the calendar directly from iCal to the iPod Calendars folder.

10/15/2004 Shortcut Blocked in Madden NFL 2005

EA Sports says that Madden NFL 2005 does not support the Alt-Tab, Alt-Enter, or Alt-Esc keyboard shortcuts. If you use them, Madden NFL 2005 may crash. That means, if you are playing Madden NFL 2005 at work, you've got to be extra-careful whether the boss is around -- you won't be able to quickly jump over to Excel and pretend you are working.

10/14/2004 Critical Bug in Excel

There is a critical bug in Microsoft Excel 2000, Excel 2002, Excel 2001 for Mac and Excel X for the Mac. Because of this bug, a remote attacker may be able to take complete control of a computer, if you are running with administrative privileges. There are updates for each of these versions of Excel (plus different updates depending on what Service Packs you have installed) available at http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx.

10/13/2004 Big Day for Microsoft Security

Microsoft's monthly security release was huge in October -- ten new bulletins, plus an old one re-issued after changes. Many of them are critical. Full coverage is in the BugBlog Plus, or you can go to http://www.microsoft.com/security/bulletins/200410_windows.mspx to see the carnage for yourself.

10/13/2004 Critical Update for Microsoft Windows

Microsoft has issued a critical security update forWindows. There are updates for Windows NT, Windows 2000, Windows XP SP1, and Windows Server 2003. (Windows 98 and ME are affected, but not critically, so they weren't patched.) Windows XP Service Pack 2 is not affected. This update fixes two new bugs, a shell vulnerability and Program Group Converter Vulnerability, that may allow an attacker to take complete control over your computer. You can follow the links to the updates at http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx. Microsoft credits Yorick Koster of ITsec Security Services, and Roozbeh Afrasiabi for finding the Shell Vulnerability. Note: The BugBlog originally labelled this an Internet Explorer fix, but it is for Windows. The IE fix is in another bulletin.

10/12/2004 Syncing Problems in MSN Money

Microsoft says that if you are having problems synchronizing the cash balance in an investment account between Money 2003 or 2004 and your MSN Money Portfolio, it's because they planned it that way. The synchronization feature for cash balances has been removed by Microsoft from the newer versions of Money. As a workaround, you will need to manually change the cash balance in your MSN Money Porfolio.

This one hits close to home -- PayPal has had several days of intermittent outages after the company did a monthly update. It doesn't seem to be fully fixed, since on the morning of 10/12/04 it wasn't possible to log on to see the BugBlog account. Time to check out other payment systems like Yahoo or Amazon. If you are trying to subscribe and can't, please try again later.

10/11/2004 QuickTime Overflow

Apple says there is a buffer overflow in QuickTime that may allow a malevolent website to run their code on your Mac OS X 10.3.5 or 10.2.8 computer. They could do this by using a specially designed QuickTime media file. This has been patched by Apple in a 9/30/2004 security update, which you can get at http://docs.info.apple.com/article.html?artnum=61798.

10/9/2004 Bug in ASP.NET Opens the Doors

There's nothing that end-users can do, but Microsoft has issued a warning to ASP.NET and Microsoft.NET developers who create applications for the Web. Because of a bug in ASP.NETs canonicalization process, intruders may be able to alter a URL and break into password-protected web sites. Developers who use these tools should check out http://support.microsoft.com/?kbid=887459.

10/8/2004 Stable Spelling in WordPerfect 12

In Corel WordPerfect Office 12, if you turn off Spell-As-You-Go, then the QuickCorrect feature may fail. This has been fixed in WordPerfect Office 12 Service Pack 1. This service pack also fixes some stability problems with the Dictionary.

10/7/2004 Losing Your Protection in Word 2003

Microsoft says there are a couple of instances in Word 2003 where the Track Changes feature gets turned off without you doing it. If you have turned on Protection for Track Changes, you may lose the protection if you do one of the following: use F9 to update a field in a change-tracking comment balloon; or click Insert voice on the Reviewing toolbar, and then insert a voice comment in the Word 2003 document. This has been fixed in the Word 2003 Post-SP1 Hotfix at http://support.microsoft.com/default.aspx?kbid=883946.

10/6/2004 PowerMac G5 Firmware Update

Apple says that the Uniprocessor Firmware Update 5.1.5f1 screws up some 1.6 GHz Power Mac G5 computers. It may cause a kernel panic, or you may lose USB input devices or Bluetooth USB modules, or it may interfere with iTunes audio playback. In some cases, these problems may be caused by non-Apple RAM. In any case, there is a new firmware update, v5.1.5f2, that you can get at http://www.apple.com/support/downloads/powermacg5uniprocessor515f2firmwareupdate.html.

10/5/2004 Netsh.exe Workaround for Service Pack 2

After installing Windows XP Service Pack 2, you won't be able to use Netsh.exe for renaming ports. Microsoft says this is intentional. Instead of renaming a port, Microsoft says you can delete the port and then add it back with the new port name. For more information, see http://support.microsoft.com/?kbid=884908 or http://support.microsoft.com/?kbid=875357.

10/4/2004 The Crash of Doom

If you are slaying demons in id Software's Doom 3, on Windows XP computer with an ATI Radeon X800 video card and ATI CATALYST 4.9 software, you may see Doom lock up if you are running in AGP 4x mode. ATI says it is only an intermittent problem, but as of yet there is no fix.

10/2/2004 AOL IM and the JPEG Bug

There is a virus being transmitted over America Online's instant messaging network that exploits the Microsoft JPEG bug. It's not very sophisticated -- you receive an AOL IM message that sends you to a particular web site. JPEG images at that web site have the malicious code embedded in them. For now, the IM reads "Check out my profile, click GET INFO!" although that can easily change. The images install a back door on your computer that can then be used by the bad guys.

10/1/2004 ZoneAlarm Fixes Some Compatibility Problems

Zone Labs has upgraded ZoneAlarm Pro to version This fixes a bug that was causing problems when you were installing ZoneAlarm on a 64-bit machine that had a 32-bit operating system. It also fixes some compatibility problems with PC-Cillin 2004. You can get the update via the ZoneAlarm Control Center's update feature.

9/30/2004 IE Pop-up Blocker Doesn't Play Favorites

After installing Windows XP Service Pack 2, if you have the Internet Explorer 6.0 Pop-up Blocker settings set to High, the pop-up blocker will block some features of the Microsoft Office Online web site. Clicking the Help link in the upper-right hand corner of that web page normally opens up a Help window, but it is blocked by IE. You can override the pop-up blocker by pressing the CTRL key when you click that link. You can also configure the pop-up blocker to allow pop-ups from Microsoft.com.

9/29/2004 RealOne and RealPlayer Bugs are Cross-Platform

RealNetworks says that there is a bug in RealPlayer 8,10, and 10.5 for Windows, RealOne Player 1 and 2 on Windows, the Mac RealOne Player and RealPlayer 10 Beta, and Linux RealPlayer 10 and Helix Player on Linux. This bug can be used by attackers when you are playing a local RM file to run their code on your system. Real says to get the latest updates, which are at http://www.service.real.com/help/faq/security/040928_player/EN/.



| June 05 | May 05 | Apr 05 | Mar 05 | Feb 05 | Jan 05 | Dec 04 | Nov 04 | Oct 04 | Sept 04 | Aug | July 04| June 04 | May 04 | April 04 | Mar 04 | Feb 04| Jan 04 | Dec 03 | Nov 03 | Oct 03 | Sept 03 | August 03 | July 03 | June 03 | May 03 | April 03 | March 03 | February 03 | January 03 | December 02 | November 02