BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
XP SP2
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02

XML

View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily

Cleve-blog

Working with Words

Gassho

Sardonic Views

Filtering Craig

Hotel Bruce

Blogcritics.org

Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.

Blogcritics

 

 

BugBlog

Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. XML The BugBlog uses monthly archives. All the current October bug are here. Use the links on the left or below to jump back to past months.

11/1/2005 Apple Update Fixes SMB Bugs

Some bugs with SMB volumes have been fixed in Apple's Mac OS X 10.4.3 update. Without the update, if an SMB volume is unmounted, you may not be able to get it to mount up again. In addition, Finder wasn't always able to connect to an SMB volume; this has also been fixed by the update.

10/31/2005 AIM May Deliver a Root Kit

A nasty bit of malware may get loaded onto your computer if you click on a wrong link in AIM, America Online's Instant Messenger service. Security researchers at FaceTime Communications say that when you click on the worm link, you will get some common spyware applicatons, the Sdbot Trojan, and a root kit. The latter is the worst, since it is designed to be undetected by security software. Be extra cautious about following any links in an IM, even if they come from one of your buddies. They may have already been infected and the message could have gone out without their knowledge. Read more at http://news.zdnet.com/2100-1009_22-5920403.html.

10/29/2005 Adobe Acrobat May Corrupt MS Word

After installing Adobe Acrobat 7 for Windows, users might have problems starting Microsoft Word, which may crash with this error message
Microsoft Visual C++ Runtime Library. Runtime Error! Program: C:\Program Files\Microsoft Office\Office10\Winword.exe
Then anytime you try to start Word after that, according to Adobe, it tries to start in Safe Mode. Adobe has a number of possible solutions for this, starting with installing the Acrobat 7.0.5 update. See all the details at http://www.adobe.com/support/techdocs/331273.html.

Today's BugBlog Plus has six more bugs and fixes for Apple, Google, Macromedia, RIM, and Symantec. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/28/2005 Lost Your Toolbar in Internet Explorer?

After trying out some third-party toolbars (or after getting stuck with some spyware) you may want to move back to the default Microsoft Internet Explorer or Windows Explorer toolbars. However, you may not be able to find or restore the defaults. A Registry edit may be what is needed to fix this. To see the details, as well as some safety precautions when editing the Registry, see http://support.microsoft.com/kb/555460.

Today's BugBlog Plus has six more bugs and fixes for Apple, Google, Microsoft, Oracle, and Red Hat. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/27/2005 Root Kits Are Not A Good Thing

Root kits are a type of malware that hide in the root, or most basic part, of your computer. What makes root kits especially nasty is that, because they are in the root, can often hide their traces from AV and spyware software. C Net's Security Watch gives the basics on them in Root Kit 101. Read the whole thing at http://reviews.cnet.com/4520-3513_7-6361348-1.html.

10/26/2005 Two Bugs Bite Skype

Two bugs have been reported in Skype, the Internet calling software. The first one can be exploited to crash Skype. The second is a buffer overflow in the way it handles some URIs and vCards, and may allow an attacker to run their own code on your system. These are cross-platform bugs that affect Windows, Mac, and Linux versions of Skype. Updates that fix these bugs have been released and are available at http://www.skype.com/download/. Skype credits Mark Rowe
of Pentest Limited, and the EADS Corporate Research Center for finding these bugs.

Today's BugBlog Plus has ten more bugs and fixes for Apple, IBM, Microsoft, Mozilla, Novell, and Red Hat. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/25/2005 Pro Update For Apple Software

Apple has a Pro Applications update available for all their Professional line of applications, including Final Cut Studio, Final Cut Pro 5, Motion 2, Soundtrack Pro, DVD Studio Pro 4, LiveType 2, Compressor 2, Apple Qmaster 2, and Final Cut Express HD 3. It will fix some incompatibilities when moving from PAL to NTSC transcoding, and also some image jitter problems when using Compressor. Read more at http://docs.info.apple.com/article.html?artnum=302323.

Today's BugBlog Plus has six more bugs and fixes for Adobe, Microsoft, Symantec, and Yahoo. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/24/2005 Windows Media DRM Does Some Double Counting

The Microsoft Windows Media Digital Rights Management (WMDRM) system in Windows Media Player 10 is supposed to "protect" your media files by monitoring how many times they get transferred to a portable device. (The "protection", of course, is for the media companies, and aimed at you.) Microsoft says that sometimes WMDRM will count a download twice instead of once, with the TransferCount property going down by two for a single download. Microsoft has a hotfix for this. Download it at http://support.microsoft.com/kb/887626.

Today's BugBlog Plus has five more bugs and fixes for Apple, Cisco and Microsoft. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/23/2005 Problems with Oracle's Patch Fest (Patchapalooza?)

If you haven't yet started installing the patches that Oracle released last week (covered in the 10/18 BugBlog Plus), move that task up your To-Do list. There are already exploits circulating that will take advantage of some of the bugs fixed by the 23 patches. But wait --there's more. Security researcher David Litchfield of NGSS Ltd says that the patch has not fixed everything, "some of the flaws Oracle told me were being fixed, remain exploitable." Read more at http://www.eweek.com/article2/0,1895,1874134,00.asp.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Cisco and Microsoft. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/21/2005 Local Attacks Possible via Norton AntiVirus for Macs

Security researchers at iDefense found a bug in Symanted Norton AntiVirus for Macintosh 9. This bug may allow local attackers to gain System Administrator privileges, and from there completely take over a computer. It's probably not an issue for a home user, but it is in multi-user settings. Symantec has an update available via LiveUpdate to fix this. Read the details at http://www.symantec.com/avcenter/security/Content/2005.10.19.html.

10/20/2005 Acrobat Corruption Gives You the Boot

Try to exit Adobe Acrobat 7, and you may see this error message
The application is being terminated because of memory corruption.
Although you were leaving anyway, this is still something you may want to clean up. Adobe has four possible fixes and workarounds for this, one of which is to install the Acrobat 7.0.5 update. Get all your options at http://www.adobe.com/support/techdocs/331958.html.

10/19/2005 New Bug Found in Windows Media Player and IE

Security researchers at eEye have discovered a bug that affects both Microsoft Windows Media Player and Internet Explorer. This affects the software on most versions of Windows, including Windows 2000, Windows XP Service Packs 1 and 2, Windows Server 2003 Service Pack 1. They say that remote attackers may be able to exploit it to run their own code on targeted computers. eEye did not disclose details to anyone but Microsoft, but says the bug can be activated by opening the wrong file or going to the wrong website. Also, it's not related to any of the bugs in the October security patches. Microsoft is investigating.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, Snort, and Sun Microsystems. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/18/2005 Macs Sharing an Inkjet Need Same Driver

When a Mac OS X 10.2 or later computer is sharing an HP inkjet printer with another Mac OS X computer, Apple says to make sure that both computers are using the same printer driver. If they are using different drivers, you still may be able to do basic printing, but you won't be able to use some of the more advanced features of the printer. Not sure which printer driver to use? Go to http://www.hp.com/country/us/en/support.html?pageDisplay=drivers and get the newest one available, and install it on all the printers.

Today's BugBlog Plus has five more bugs and fixes for IBM, Microsoft, and Oracle. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/17/2005 Problems with the MS05-051 Update

Microsoft says that their MS05-051 critical security update may cause problems if it is installed on Windows XP, Windows 2000 Server or Windows Server 2003. This update had been marked Critical by Microsoft, who had urged users to install it immediately. If users had previously changed the default permissions to the COM+ catalog, after installing this update they may have problems starting the Windows Firewall, COM+ EventSystem, or Windows Installer Service. Also, the Network Connections folder may be empty, and you may have problems with the Windows Update website. As a workaround, you will need to switch back to the default permissions for COM+. See http://support.microsoft.com/kb/909444 for the details.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Microsoft, Mozilla and Oracle. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/16/2005 A Hotfix May Trip Up Windows XP Media Center Update

If you want to install the Windows XP Media Center Edition 2005 Update Rollup 2, you must have the Microsoft .NET Framework 1.1 and .NET Framework 1.1 SP1 installed. If you don't Microsoft says that Windows Update will detect this and install the packages for you. On the other hand, you can't have the Microsoft 886904 update installed. If you have that, you need to uninstall it. Go to http://support.microsoft.com/kb/900325/ to locate how to find and uninstall this hotfix.

Today's BugBlog Plus has six more bugs and fixes for Adobe, Microsoft, and Symantec. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/14/2005 Apple Gets Fax Numbers Confused

In Apple Mac OS X 10.4, if you are manually typing a fax number into the To: field, and the first part of the number being typed in is the same as another number already in your Address Book, the Fax application may get confused. Apple says that letters may get added or replace some of the numbers you type. For now the only workaround is to pay attention -- if you see letters appear as you are typing in the numbers, you need to go back and type the numbers again, but without deleting the letters. Only after the whole number has been added should you go back and delete the letters. See http://docs.info.apple.com/article.html?artnum=302229 in case Apple comes up with another fix.

Today's BugBlog Plus has five more bugs and fixes for Adobe, HP, Macromedia, Microsoft, and Symantec. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/13/2005 Tar Bug Fixed by Red Hat

There is a new GNU tar package for Red Hat Enterprise Linux 4. It fixes a bug in tar in the way that sparse files were extracted, and also the way it handled file names with more than 100 characters. Get the update at https://rhn.redhat.com/errata/RHBA-2005-380.html

10/12/2005 Graphics in Office Docs Lose Their Whiteness

If a .PNG or .BMP graphic with a white background is inserted into a Microsoft Excel, PowerPoint or Word document, the graphic may appear on screen with an off-white background. If you print the document, the background may show up as gray. Microsoft says you need to switch graphic formats to restore your white background. Open the graphic in a graphics editor and resave it as a .GIF, .JPG or .TIF file.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Google, Microsoft, Red Hat and Sun Microsystems. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/11/2005 Critical Bugs in Windows Components

Four separate bugs that are present in most versions of Windows may allow a remote attacker to take complete of a Windows system. The most vulnerable version is Windows 2000, where a remote attacker may be able to take advantage of a bug in Microsoft Distributed Transaction Coordinator. This bug has a security rating of Critical for Windows XP Service Pack 1, along with Windows 2000. Microsoft urges those users to apply patches from http://www.microsoft.com/technet/security/bulletin/ms05-051.mspx immediately. Other versions of Windows, including Windows XP Service Pack 2 and Windows Server 2003, are vulnerable only if they are configured in a certain way. Microsoft credits eEye Digital Security, Cesar Cerrudo, and iDefense for finding these bugs.

Today's BugBlog Plus has five more bugs and fixes for Microsoft, covering their Patch Tuesday releases. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/10/2005 Turn Your Playstation Portable Into a Brick

A malicious piece of software, called Trojan.PSPBrick, can turn your Sony Playstation Portable into a brick. The software pretends to be an unauthorized system hack that will disable Sony's software protection. What it actually does is delete system files that will prevent the Playstation from booting, apparently ever again. It also displays a taunting message on the Playstation that ends with
"Fu[REMOVED]ooser".
Symantec says they don't know of any way of resuscitating the Playstation, and chances are, Sony's not going to be too understanding about it. Read the details, and see a way to remove the Trojan from a Windows computer, at http://securityresponse.symantec.com/avcenter/venc/data/trojan.pspbrick.html.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, HP, IBM, and Microsoft. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/9/2005 Cell Networks Susceptible to Jamming

A group of researchers from Penn State say that cell phone networks could eaily be crippled by a denial of service attack through their text messaging, or SMS features. They say that the control channels of the cell networks could be overwhelmed by even a mid-sized bot network. As an example, they hypothesize that it would only take 2.8 Mbps of bandwidth -- a fast cable modem connection -- to saturate the Washington D.C. area's cell network. Read the article about this at http://www.securitypipeline.com/171203837. The whole paper is at http://www.smsanalysis.org/smsanalysis.pdf.

10/8/2005 A Big Patch Tuesday for Microsoft

Tuesday, October 11 will be a busy day because Microsoft will be releasing eight security bulletins for Microsoft Windows. Some of these will be Critical bulletins. They will also be releasing one Important security bulletin for Windows and Microsoft Exchange. The latest update to the Microsoft Windows Malicious Software Removal Tool will be released too. The BugBlog will cover the most important bulletin Tuesday afternoon, with full coverage of all the bulletins in the BugBlog Plus.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, Red Hat and Sun Microsystems.

10/7/2005 Bad Picture is Bad News for Mac OS X

A bug in Apple Mac OS X 10.3.9 and 10.4.2, both client and server, may let an attacker run their code on your computer because of a picture. Not just any picture, but a PICT image that has been designed in a way to exploit a buffer overflow in the QuickDraw Manager. QuickDraw is used in Safari, Mail, and Finder within OS X. This is fixed in the Apple Security Update 2005-008. Apple credits Henrik Dalgaard for finding this bug.

Today's BugBlog Plus has five more bugs and fixes for DVDs, Google, HP, and Microsoft. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

10/6/2005 Local Attack On Windows XP Wireless Networks

Security researcher Laszlo Toth discovered a bug in the way that Windows XP Service Pack 2 guards some of the key information about wireless networks. Users without administrative privileges may be able to get WEP keys and WPA Pair-wise Master Keys, the information needed to decrypt the wireless network. This can't be done remotely, only by a local user. This bug won't affect the typical home user, but if a school or library has a wireless network set up for public use, it may cause security problems. Microsoft was contacted about this bug in April, 2005. It appears a fix for this won't be coming until the next version of Windows (Longhorn/Vista) which should be here in 2006. See the details at http://www.soonerorlater.hu/index.khtml?article_id=62

10/5/2005 Symantec AV Scan Engine Has Security Problem

iDefense Labs says that the Symantec AntiVirus Scan Engine Web Service has a buffer overflow. This may allow remote attackers to run their code on the target computer with System privileges. According to iDefense, all the attackers need to do is send the improper code to TCP port 8001 on the vulnerable server. The scan engine from Symantec is used by many other third-party applications. See the list of vulnerable software at http://www.symantec.com/avcenter/security/Content/2005.10.04.html, where you can also get fix information. This primarily affects Symantec's enterprise software and not the consumer software. Read the iDefense bulletin at http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Microsoft, Symantec, and Zone Labs

10/4/2005 New Outlook Profiles End Up With Leftovers

If you delete a profile in Microsoft Office Outlook 2003, and then create a new profile with the same name as the old one, the new profile may end up with some of the same content that was in the deleted profile. Microsoft says this has been fixed in Office 2003 Service Pack 2.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Macromedia, Microsoft, and Novell.

10/3/2005 Bug of the Month Goes to Adobe/MS Word Incompatibility

The October Bug of the Month goes to an instance where Microsoft Word and Adobe Acrobat don't play well together.

 

10/3/2005 Trojan Attack Through MS Access Database

An unpatched bug in the Microsoft Jet Database Engine, which was reported to Microsoft in March 2005, is being used by attackers to potentially take complete control of a Windows XP computer. The Jet Database engine is a behind-the-scenes file that helps power Microsoft Access databases. The attack is being mounted in a Trojan horse program called "Backdoor.Hesive" which masquerades itself as a Microsoft Access file. It can attack any computer running Microsoft Office 2000, XP, and 2003, as well as the standalone versions of Microsoft Access from the Office suite. Since Microsoft hasn't announced a fix yet, the best advice is to be wary of accepting any odd Access databases that come your way. Read more at http://www.eweek.com/article2/0,1895,1865511,00.asp.

Today's BugBlog Plus has five more bugs and fixes for Apple, Citrix, IBM and Microsoft.

9/30/2005 Acrobat Installations Problems

Try to install Adobe Acrobat 6.x or 7.x, either the Professional or Standard versions on Windows, and you may see one of these error messages
Error 1402: Could not open key [key name]
or
Error 1406: Could not write value Folders to key [key name].
Adobe has two possible solutions for this: either remove all previously-installed versions of Acrobat first, or reset all your permissions to default in the Registry. See http://www.adobe.com/support/techdocs/329137.html for details.

9/29/05 Get the Bugs Out of the Shuffle

Apple's iPod Updater 2005-09-23 includes the iPod shuffle update. This gives the shuffle the same update as the other iPods got in the 2005-09-06 update. This means a number of unspecified bug fixes. Shuffle off to http://www.apple.com/support/downloads/ipodupdater20050923.html for the update.

 

 

 


Home | Contact | Writing | Online | News | Tips | CABE |

© 2005 BJK Research LLC