Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free, but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All the current December bugs will be on this page. Use the links on the left or below to jump back to past months.

Read the Special Report on bugs, fixes, and incompatibilities in Windows XP Service Pack 2

12/31/2004 Last Bug of the Year is Another IE Problem

Trojan.Phel.A is a new Trojan horse program that appears to target Windows XP Service Pack 2 computers via an already-known bug called the Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability. You can read the details about it from Symantec at http://securityresponse.symantec.com/avcenter/venc/data/trojan.phel.a.html. It would appear from published reports that this vulnerability, through IE HTML Help, is different from the one reported 12/27 in the BugBlog. Symantec has updated their virus definitions to look for this. A complete fix is available at http://www.mozilla.org.

12/30/2004 Novell Fixes a CIFS Problem

Novell says that some network security/port scanners could lock up some NetWare 5.1 and NetWare 6.0 servers if those servers were running CIFS.NLM. Novell has an updated CIFS (Common Internet File System) that should fix this. Get the update in the file cifspt6.exe at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970488.htm.

Today's BugBlog Plus has five more bugs and fixes from Microsoft, Mozilla and Netcraft.

12/29/2004 Microsoft COM+ 1.0 Rollup Fixes RPC/DCOM Rollup Bug

Microsoft has a Windows 2000 Post-Service Pack 4 COM+ 1.0 Hotfix Rollup Package available. This is package number 31, and one of the bugs it fixes is one that may prevent you from using Windows Backup on a Windows 2000 SP3 or SP4 computer. This bug was itself introduced in the Cumulative Update for Microsoft RPC/DCOM, and is only triggered if you do a clean install of Windows 2000. The COM+ Rollup is only available for now by contacting Microsoft Technical Support, which means that you may get charged for this fix. See http://support.microsoft.com/?kbid=888000 for details.

Today's BugBlog Plus has eight more bugs and fixes from Apple, Mozilla, Novell, Sun Microsystems, and Symbian.

12/28/2004 Windows Server 2003 Problems with USB Mouse

Microsoft says that a USB mouse may sometimes cause problems when it's used on a Windows Server 2003 computer. This includes the mouse sucking up 100 percent of CPU time when you move it, problems when coming back from standby or hibernation, or problems recognizing it as a USB 2.0 device. For now, Microsoft does not have a fix. Similar problems with USB mice on Windows 2000 and XP were ultimately fixed in service packs for each OS.

Today's BugBlog Plus has nine more bugs and fixes from Apple, IBM, Mandrake, Microsoft, Mozilla, and Novell.

12/27/2004 Another Attack Against Internet Explorer

Details of a new way to attack Microsoft Internet Explorer have been posted to the Full Disclosure mailing list. This attack can be done even against computers upgraded to Windows XP Service Pack 2, and can be done without user intervention. (Edit 12/28: to be attacked, you will need to visit a malicious web page, although you won't have to click or do anything on that page.) It would appear that the attack makes use of known problems with Microsoft's ActiveX technology, and can be used to place a file in a computer's Startup folder. You can read a news account at eWeek at http://www.eweek.com/article2/0,1759,1745693,00.asp. Nothing official from Microsoft yet. One workaround is to use Mozilla or Firefox.

12/23/2004 No BugBlogging Dec 24-26

There will be no BugBlog updates Dec 24-26. The next update will be Dec 27.

12/23/2004 Movable Type Comment Spam Bug Fixed

Six Apart has released Movable Type 3.14. This update fixes a bug that was causing big server loads due to comment spam. The servers were being hit even if comments were being blocked from showing up on the blogs. Blogs and bloggers who want to update should be able to update from their Movable Type account, or else go to http://www.movabletype.org/.

12/22/2004 Red Hat Delivers New Kernel and Many New Packages

Everyone dreams of many packages under the tree at Christmas. Red Hat made sure of that, big time, as they released over eighty package updates on 12/20 and 12/21. The most significant update is probably the kernel -- where they have released the fourth regular update for Red Hat Enterprise Linux 3. This release includes many bug fixes that should deliver "a marked improvement in the reliability and scalability". The kernel package is at https://rhn.redhat.com/errata/RHBA-2004-550.html. The BugBlog Plus will cover some of the other significant upgrades.

Today's BugBlog Plus has six more bugs and fixes from Apple, Microsoft, Novell, PHP, and Red Hat.

12/21/2004 Google Desktop Search Could Allow Some Spying

There is a bug in the Google Desktop Search that may enable a hostile web site to see some of the search result summaries that you generate. This may give attackers clues to enable further attacks. To be vulnerable, you would need to visit a website that has a certain Java applet embedded in the page. Google has a fix, which is being supplied through auto-updates. To see if you have the update, click the About icon on the Google Desktop Search task bar. If your version number is 121004 with a date of 12/10/2004 or greater, you have the update. The bug was found by computer sciences professor Dan Wallach and two graduate students at Rice University's Computer Security Lab.

Today's BugBlog Plus has six more bugs and fixes from Apple, Microsoft, nVidia, and a general warning about WiFi security.

12/20/2004 Default Passwords Trip Up Cisco Unity

Cisco says their Cisco Unity 2.x, 3.x and 4.x communications product, when integrated with Microsoft Exchange, ships with a number of default username and password combinations. One of these is an administrative account with high privileges. Needless to say, these combinations may become known and unauthorized users may be able to snoop into accounts and to change settings on the Unity systems. The workaround is simple -- change these default passwords to something much stronger. Get the list of these accounts, and more details, at http://www.cisco.com/en/US/products/products_security_advisory09186a008037cd59.shtml

Today's BugBlog Plus has eight more bugs and fixes from Apple, Cisco, Mandrake, Microsoft, Novell, PHP and Veritas.

12/17/2004 Special: Bug in the Windows XP SP2 Firewall

Microsoft has released a critical update for Windows XP Service Pack 2. They have found that if you are using the Windows Firewall included in SP2 and you make a dial-up connection to the Internet, you may be inadvertently allowing file and print sharing with the entire Internet. If you have Windows XP Service Pack 2 installed, you will need to get the KB886185 update from http://windowsupdate.microsoft.com/.

12/17/2004 Another IE Cross-Site Scripting Bug

The security researchers at Secunia have posted details on another bug in Microsoft Internet Explorer. In this case, a bug in the DHTML Edit ActiveX control may allow a cross-site scripting attack, which may allow a malicious website to put script into another browser session. They say this affects fully patched systems with Windows XP Service Pack 1 and Service Pack 2. Secunia credits this find to Paul from greyhats, and has also posted a test at http://secunia.com/advisories/13482/, to see if you are vulnerable.

Today's BugBlog Plus has seven more bugs and fixes from Apple, Microsoft, and Red Hat.

12/16/2004 Mac OS X 10.3.7 Fixes Some Connection Problems

Apple says that if you have Mac OS X 10.3.5 or 10.3.6 installed, along with the Apple 2004-09-30 Security Update, you may have some sporadic connection issues with Safari, Mail or any other networking applications. The problems are with the DNS lookups. This has been fixed with the Mac OS X 10.3.7 update.

12/15/2004 eBook Attack Via an Adobe Acrobat Reader Bug

The Adobe Acrobat 6.0.2 Reader (and possibly earlier versions and the full Adobe Acrobat, too) has a security bug that may allow an attacker to run their own code on your system. The attack would be mounted via an .etd file, which is a file that Acrobat uses in eBook transactions. Filling certain fields in that file with a certain string of characters may trigger the attack. The security researchers at iDefense found this bug. They have a workaround, which is to delete \Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\eBook.api. Doing that also means Acrobat won't be able to read eBooks. For a fix, upgrade the free Adobe reader to version 6.0.3. The Windows version is at http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679.

Today's BugBlog Plus has nine more bugs and fixes from Apple, ATI, Microsoft, and Red Hat.

12/14/2004 Symantec LiveUpdate Bug Allows Local Attacks

Older versions of Symantec LiveUpdate may have a security bug that may allow for some local attacks. The problem occurs in: Windows LiveUpdate prior to v2.5; Norton SystemWorks 2001-2004; Norton AntiVirus and Pro 2001-2004; Norton Internet Security and Pro 2001-2004; Symantec AntiVirus for Handhelds Retail and Corporate Edition v3.0. If these products are installed on a multi-user computer where some users have restricted privileges, the users with lower privileges may be able to exploit a bug in the LiveUpdate GUI to gain higher privileges. This bug cannot be exploited by a remote attacker. See http://www.sarc.com/avcenter/security/Content/2004.12.13a.html for update information. Symantec credits Secure Network Operations for finding this bug.

Today's BugBlog Plus has six more bugs and fixes from Microsoft and Sun Microsystems.

12/13/2004 Office 2003 Flips Over Scanned Images

If you try to insert a picture into a Microsoft Office 2003 document directly from a scanner, you may end up with an upside-down image. (Even if you put the picture right-side up in the scanner.) Microsoft says that there may be some additional distortion in the image, too. They have a post-Service Pack 1 hotfix for this, which they released on 11/24/2004 and which will be included in a future service pack. If you get lots of flipped images, and can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 890064. Note that you may be charged for this call.

Today's BugBlog Plus has six more bugs and fixes from Apple, ATI, Microsoft, and Opera.

12/10/2004 Red Hat Fixes ImageMagick Buffer Overflow

Red Hat has patched a buffer overflow in the ImageMagick package for Red Hat Enterprise Linux 2 and 3. This bug may allow an attacker to make an image file with bad EXIF information. When this image is then processed in the X Window system, it could run the attacker's code. This new update also fixes a previous patch for this package for a heap overflow bug. The earlier fix still left a hole that could be exploited by an attacker. Red Hat credits David Eisenstein for finding this. You can get the update at https://rhn.redhat.com/errata/RHSA-2004-636.html.

Today's BugBlog Plus has seven more bugs and fixes from Macromedia, Microsoft, and Novell.

12/9/2004 Adobe Encore Fixes Speed Indicator

Adobe says that in Adobe Encore DVD 1.5, sometimes the DVD burn speed that is displayed for DVD burners is wrong. This has been fixed in the Encore DVD 1.5.1 update. Get it at http://www.adobe.com/support/downloads/detail.jsp?ftpID=2663.

12/8/2004 Multiple Browser, Multiple Platform Browser Vulnerability

The researchers at Secunia have posted a series of alerts that affect multiple browsers on multiple operating systems. A malicious website may be able to hijack a named browser window, even if that window was initially created by some other website. They say that this affects Microsoft Internet Explorer, Mozilla and Mozilla Firefox, Apple Safari, Opera, and Konqueror. This spans Windows, Mac OS X, and Linux/Unix. They have set up a test page at http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ where you can check whether your browser is vulnerable. There are no fixes or confirmations from the companies yet.

Today's BugBlog Plus has eight more bugs and fixes from Apple, Microsoft, Novell, and Sun Microsystems.

12/7/2004 Official Release for Mozilla Thunderbird

The Mozilla Organization has released Thunderbird 1.0, the official release of their email-only program, and companion to Firefox, the stand-alone browser. If you upgrade to it over a pre-release (beta) version of Thunderbird, it will disable all your extensions and themes. It will then automatically check whether they are compatible with the new version, or whether there are updates available. You can get the new release at http://www.mozilla.org/products/thunderbird/releases/

Today's BugBlog Plus has seven more bugs and fixes from EA Games, Mandrakesoft, Microsoft, and Mozilla.

12/6/2004 Critical Bug Fix for Winamp

NullSoft has released Winamp 5.07. This version of the music player fixes a critical security bug in the .m3u handler and in in_cdda.dll. It also fixes some problems with the proxy settings and the installer. Also, the version number should get reported correctly. You can get either the free or pro ($) version at http://www.winamp.com/player/.

Today's BugBlog Plus has six more bugs and fixes from Apple, IBM, Macromedia, Novell and PalmOne.

12/4/2004 Mac OS X Buffer Overflow in Postscript Conversion

Apple's 2004-12-02 Security Update for Mac OS X 10.3.6 and 10.3.6 Server fixes a bug in the PSNormalizer. This bug allows a buffer overflow in the PostScript to PDF conversion, which an attacker might exploit to run hostile code on the computer. This bug does not affect Mac OS X 10.2.8.

12/3/2004 HTTP Bug in Windows XP Service Pack 2

Microsoft says that a bug in Http.sys may cause either Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005 or Windows Server 2003 to crash. You may get this error message
This will happen if you have TDI filter drivers installed (these typically come with antivirus or firewall programs) and these drivers respond with STATUS_PENDING to particular TDI input/output requests. Microsoft has a hotfix available for download for Windows XP Service Pack 2. Get it at http://support.microsoft.com/?kbid=887742.

Today's BugBlog Plus has five more bugs and fixes from Apple, Cisco, Macromedia and Sun Microsystems.

12/2/2004 Critical Update for Internet Explorer

Microsoft has released a critical security update for Windows NT, Windows 2000, and Windows XP Service Pack 1. The fix in Microsoft Security Bulletin MS04-040 is a cumulative update for Internet Explorer, and replaces the cumulative update that was in MS04-038. This update fixes a bug that may allow a remote attacker to take complete control of your system. It's marked critical by Microsoft, and was released earlier than their once a month second Tuesday schedule. Find the links to the fixes for your version of Windows at http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx. However, you should not install this if you have installed hotfixes received from Microsoft since MS04-004 or MS04-038. You should deploy update 889669 instead.

Today's BugBlog Plus has five more bugs and fixes from Microsoft, Red Hat and about spyware.

12/1/2004 Microsoft WINS Could Cause Loss

The security researchers at ISS have documented a bug in Microsoft's Windows Internet Naming Service (WINS) server. There is a buffer overflow that may allow a remote attacker to run their own code on the WINS server. Note that the WINS server is not installed by default on any Windows servers or clients. There are no fixes yet, but Microsoft acknowledges that they are working on this at http://support.microsoft.com/kb/890710. As a workaround, ISS suggests that you block ports 42/TCP and 42/UDP on your network perimeter.

Today's BugBlog Plus has ten more bugs and fixes from Apple, Macromedia, Microsoft, Novell, and Sun Microsystems.

11/30/2004 Timestamp Problems in Windows Media Player

Microsoft says that a change in timestamps may cause a misstep in Windows Media Player. If you are playing content from a Windows Media Player 10 server or from a Windows Media Player 9 Series server with Fast Cache enabled, and the client gets a sample with a timestamp that has increased more than five minutes from the timestamp of the previous sample, you may get this error message:
0xC00D002F: Invalid or corrupt data was encountered.
Microsoft has fixes available for the Windows Media Player 9 and 10 for Windows XP, as well as the Windows Media Player 9 for Windows 2000, XP and Server 2003. Get them at http://support.microsoft.com/?kbid=887078.

Today's BugBlog Plus has five more bugs and fixes from Apple, Microsoft, Sun Microsystems, Novell SuSE, and Symbian.

11/29/2004 Power Mac Digital Speakers Interfere with Internal Speaker

Apple says that if you connect digital speakers to a Power Mac G5, you won't be able to mute the internal speaker. Going to Sound preferences and checking the mute option doesn't work. However, they say that you can go to Sound Preferences and set the internal speaker's volume to Low, which should work. (Digital speakers are those that use the optical Digital Out audio port with Toslink cables.)

Today's BugBlog Plus has six more bugs and fixes from Adobe, Microsoft, Sun Microsystems and Novell SuSE.


©2004 BJK Research LLC. Individual items from this page can be reprinted or reused, if the item is copied in full and a link is given back to this page.



| June 05 | May 05 | Apr 05 | Mar 05 | Feb 05 | Jan 05 | Dec 04 | Nov 04 | Oct 04 | Sept 04 | Aug | July 04| June 04 | May 04 | April 04 | Mar 04 | Feb 04| Jan 04 | Dec 03 | Nov 03 | Oct 03 | Sept 03 | August 03 | July 03 | June 03 | May 03 | April 03 | March 03 | February 03 | January 03 | December 02 | November 02