Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free, but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All the current January bugs are here. Use the links on the left or below to jump back to past months.

2/28/2006 Attacks Against PayPal Mounting

A security company, BlackSpider Technologies, estimates that several million copies of a Trojan horse program targeted at PayPal users were mailed last week. The subject line will say "Notification: Your Account Temporally Limited" and if you follow the link and log in, they will steal your username and password. An estimate of several million may be low, since the BugBlog has been getting about 10 of those a day, as well as another version that says that some other email address has been added to your account. The workaround is simple: never follow a link from your email to PayPal. Always log in from a fresh browser window. Read the whole thing at http://www.securitypipeline.com/181400633.

Today's BugBlog Plus has seven more bugs and fixes for Adobe, Apple, Microsoft, Mozilla, and Sun Microsystems.

2/27/2006 Mail-Merged Hyperlinks in MS Word are Lost

If you do a mail merge to email using Microsoft Word 2002 or Word 2003, and your data source fields contain hyperlinks, they might be converted into plain text in the email messages, and won't be clickable. Microsoft says they have two different workarounds for this. See the details at http://support.microsoft.com/kb/912679.

Today's BugBlog Plus has eight more bugs and fixes for Apple, Microsoft, Mozilla, and Sophos.

2/24/2006 Shockwave Installer Bug

Adobe has patched a critical vulnerability in the Macromedia Shockwave Player ActiveX installer. If you were prompted to download the vulnerable version from a malicious website, the attackers could have run hostile code on your system. This vulnerability doesn't affect you if Shockwave is already installed, and the new version available for download has been patched. Be careful if you have downloaded but not yet installed an earlier, vulnerable version of Shockwave. Adobe credits the Zero Day Initiative of Tipping Point for finding this bug.

2/23/2006 Infrared Update for Windows XP Media Center

There is an Update Rollup 2 for the Microsoft Windows XP Media Center Edition eHome Infrared receiver. This update includes compatibility fixes for some new hardware, including the Microsoft Media Center infrared (IR) keyboard and some new remote controls. It will also add support to some keys that previously didn't work on existing remote controls. It is a cumulative update, so it also contains all the previous fixes for the Infrared receiver. Get the update at http://support.microsoft.com/kb/912024 or through Windows Update.

2/22/2006 Star Wars Update Fixes Bugs

LucasArts has fixed a number of bugs in various weapons in the Star Wars Empire at War 1.02 update. This includes: fixing the proton torpedoes so they don't ignore hardpoints; fixing the magnapulse cannon so it doesn't have to be double-clicked; and fixing a bug that allowed the Death Star to fire even after a battle. However, they did not get to at least one bug: according to reports, there is still a thermal exhaust, right below the main exhaust, that leads right to the Death Star's core. A remote attacker may be able to trigger a denial of service attack through this port.

Today's BugBlog Plus has six more bugs and fixes for Adobe, Apple, IBM, Microsoft, and Novell.

2/22/2006 DVD Review: Hitchhiker's Guide to the Galaxy

The movie can't match the book

2/21/2006 Apple Safari Vulnerable to Shell Exploit

There are reports of a bug in Apple Safari running on Mac OS X systems. Simply visiting a malicious website may trigger a shell command, so attackers can run code on your system without any further action on your part. The SANS Internet Storm Center has a summary at http://isc.sans.org/diary.php?storyid=1138. The original report came from Juergen Schmidt at heise.de. They have an English version at http://www.heise.de/english/newsticker/news/69862.

Today's BugBlog Plus has five more bugs and fixes for Adobe, LucasArts and Microsoft.


2/20/2006 McAfee AntiVirus Problems with Adobe Photoshop

There is an incompatibility between McAfee VirusScan 8.0i and Adobe Photoshop CS2. According to Adobe, that version of McAfee may lead to missing text on menus or buttons, or problems with the registration window. One solution is to upgrade McAfee to Patch Version 10. Another is to disable the Buffer Overflow function in McAfee VirusScan. A third is to exclude Photoshop CS2 from Windows Data Execution Prevention (DEP). See the details at http://www.adobe.com/support/techdocs/326371.html.

Today's BugBlog Plus has five more bugs and fixes for Apple, Corel, and Microsoft.

2/19/2006 Windows Media Player Exploits Are Seen

If you haven't yet installed the patch for the Microsoft Windows Media Player that was released Tuesday by Microsoft, you may want to move that job higher on your To-Do list. Exploit code that shows how to take advantage of this security bug is now circulating on some of the black-hat sites on the Web. Read about this code at http://news.zdnet.com/2100-1009_22-6040746.html. Get the patch at http://www.microsoft.com/technet/security/bulletin/MS06-005.mspx

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, and Microsoft.

2/17/2006 AOL Mail May Crash Apple Safari

If you are using Apple Safari on a Mac OS X 10.4.4 or earlier computer to go to AOL webmail and then delete AOL mail messages, Safari may crash. This has been fixed in the Mac OS X 10.4.5 update.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, Mozilla and Sun Microsystems.

2/16/2006 Toshiba Laptops Don't Like iPods

If you plug your Apple iPod into a Toshiba laptop computer with a USB cable, you might have problems. According to Apple, iTunes for Windows running on the laptop won't recognize the iPod, or the iPod Updater will recognize the iPod, but you will get a disk error if you try to restore the iPod. Apple has some workaround steps to try at http://docs.info.apple.com/article.html?artnum=300836. They do note that these are only for laptops, and not for desktop computers that use USB keyboards and mice.

2/15/2006 Adobe Fixes PDF Browser Crash

On a computer with Adobe Acrobat 7.0.x Standard or Professional installed, if you have a browser with the Google toolbar visible, loading a PDF file into the browser and then exiting may cause the browser to crash. Adobe says this has been fixed in the Acrobat 7.0.7 update for Acrobat Standard and Professional. Get the update at http://www.adobe.com/support/techdocs/332877.html.

Today's BugBlog Plus has eight more bugs and fixes for Adobe, Apple, ATI, Microsoft, and Red Hat.

2/14/2006 Microsoft's Patch Tuesday

The plug-in version of Microsoft Windows Media Player, which is designed to work within a web browser, appears to open up a serious security hole when it is used with non-Microsoft browsers from Mozilla and Netscape. If you are using one of those browsers and come upon a maliciously designed webpage that has content set up to play in Windows Media Player, and that content has a very long embed src tag, the attacker may be able to overwrite memory and run their code on your computer. Get the update from Microsoft at http://www.microsoft.com/technet/security/bulletin/MS06-006.mspx. As a workaround, you can make sure that Windows Media Player is not the default plug-in for media files that you may run across. Microsoft credits iDefense for finding this bug. Note that the plug-in doesn't cause problems for the Opera browser, nor for Microsoft Internet Explorer. (Does this mean if Microsoft can't beat you in the market, they will destroy you from within? Nah, couldn't be.)

Today's BugBlog Plus has seven more bugs and fixes for Microsoft's Patch Tuesday bugs.

2/13/2006 Microsoft Anti-Spyware Zaps Norton AntiVirus

According to a story in the Washington Post (not one of my usual sources) the latest version of Microsoft Anti-Spyware labels Symantec Antivirus as spyware, and instructs users to delete some of the Norton files. If the users do so, it will disable the anti-virus protection. Restoring Norton afterwards is a complicated process. There are quite a few threads on Microsoft's discussion forums talking about this. Read the full report at the Post at http://blog.washingtonpost.com/securityfix/2006/02/microsoft_antispyware_deleting_1.html, which also links to some of the discussions. It would appear that Microsoft is changing the signature definitions for Anti-Spyware, to prevent this from happening anymore.

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, Microsoft and Red Hat.

2/11/2006 ActiveX Update for Internet Explorer

Microsoft has an ActiveX update for Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2 and for Microsoft Windows Server 2003 Service Pack 1. This should help to improve security for ActiveX controls, which is good news. However, there may be some bad news. After applying this update, you may have compatibility problems at some websites, where you won't be able to use the ActiveX feature until you manually click the control. The web developers at these sites may need to make some changes too. See http://msdn.microsoft.com/ieupdate for details on those.

Today's BugBlog Plus has six more bugs and fixes for Adobe, Apple, Google and Microsoft.

2/10/2006 Multiple Bugs in Lotus Notes

Secunia Research details at least six bugs in IBM Lotus Notes 6.5.4 and 7.0. These bugs may allow remote attackers to run their code on your system, with the attacks coming from malicious content in emails, in HTML, in TAR archives, in ZIP files, and in UUE files. These bugs have been fixed in Notes 6.5.5 and in 7.0.1. Read the details at http://secunia.com/advisories/16280/. Their article also points to an IBM tech note, which at the moment appears to be missing.

2/9/2006 Exploits Aimed at Firefox Bugs

Code that can be used to take advantage of bugs in Mozilla Firefox has been released and is circulating on the Internet. It would exploit bugs that have been patched in the Firefox update. According to a story on ZD Net, this code would work against Linux and Mac OS X systems running Firefox 1.5, but not earlier versions. Read the whole thing at http://news.zdnet.com/2100-1009_22-6036771.html.

2/8/2006 Lots of Bugs in Java

There are seven different bugs in various versions of the Sun Microsystems Java Runtime Environment (JRE) and Java Software Development Kit (SDK). These bugs affect the Windows, Solaris, and Linux platforms and may allow an untrusted applet to give itself elevated privileges, and then cause damage to your system. Sun shows which of the bugs affect the different versions of Java at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1. That page also shows how to determine which version of Java you have, and has links to updates. Sun credits Adam Gowdiak for finding five of the seven bugs.

Today's BugBlog Plus has eight more bugs and fixes for Adobe, Apple, IBM, Microsoft, and Mozilla.

2/8/2006 Apple Wins the Bug of the Month

It's a little bit belated, but the Apple QuickTime 7.0.4 Update, which fixes security holes in graphics files, wins the February Bug of the Month.

2/7/2006 Missing Driver Messes Up iPod Connection

When you plug an iPod nano or Fifth Generation iPod into a Mac OS X computer, you may get this error message when you open the iPod updater:
You must connect using FireWire to restore this iPod.
The Updater may also be displaying the wrong iPod model. According to Apple, this happens because the iPodDriver.kext file didn't load correctly. See http://www.info.apple.com/kbnum/n61937 for instructions on how to fix this.

Today's BugBlog Plus has seven more bugs and fixes for Adobe, AOL, Apple, IBM, Microsoft, and Mozilla.

2/6/2006 Security Problem in Microsoft Help Workshop

There is a security bug in the Microsoft HTML Help Workshop, according to a report on the Secunia website. If there is an overlong string in the Contents field of an .hhp, an attacker can create a buffer overflow and run their own code on a system, if they can get the victim to open the poisoned .hhp file. There are exploits available that show how to do this. Secunia credits bratax for finding this bug. Read their whole report at http://secunia.com/advisories/18740/. The only workaround at the moment is to avoid .hhp files of uncertain origin.
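As an added example (not code from Secunia, Microsoft, or the BugBlog), here is a Python triage script that flags .hhp project files containing over-long field values before anyone opens them in HTML Help Workshop. The 260-character limit, the function names, and the sample project text are assumptions; the report summarized above gives no exact length.

```python
# Added triage example: flag over-long fields in HTML Help project (.hhp) text.
# Assumption: 260 (Windows MAX_PATH) is used as a conservative limit because the
# report gives no exact length at which the overflow occurs.
MAX_FIELD_LEN = 260


def scan_hhp(text, limit=MAX_FIELD_LEN):
    """Return (line_no, section, key, value_length) for each over-long field."""
    findings = []
    section = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().upper()  # e.g. OPTIONS, FILES
            continue
        key, sep, value = line.partition("=")
        if not sep:                               # bare entry, e.g. under [FILES]
            key, value = "", line
        value = value.strip()
        if len(value) > limit:
            findings.append((line_no, section, key.strip(), len(value)))
    return findings


def scan_file(path, limit=MAX_FIELD_LEN):
    """Scan a file on disk without launching any help tooling on it."""
    with open(path, "r", encoding="latin-1", errors="replace") as fh:
        return scan_hhp(fh.read(), limit)


# Constructed sample input (not taken from any real project or exploit).
BENIGN = """[OPTIONS]
Compiled file=manual.chm
Contents file=toc.hhc
Title=Product Manual

[FILES]
intro.htm
"""
# Same project with an implausibly long "Contents file" value.
SUSPICIOUS = BENIGN.replace("toc.hhc", "A" * 600 + ".hhc")

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        hits = scan_hhp(sample)
        print(name, "->", hits if hits else "no over-long fields")
```

A hit is a reason to quarantine the file for review, not proof of an exploit; legitimate projects rarely need path values anywhere near this length.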

2/5/2006 Adobe Files Can Be Switched

There is a bug in the file and folder permissions for Adobe Photoshop CS2, Illustrator CS2 and the Adobe Help Center. According to Adobe, this may let non-privileged users change some important Adobe system files. This is not going to affect a standalone user, but in a multi-user environment it may allow a local user to replace the Adobe files with malicious files that could damage other parts of the computer system. Get fixes from http://www.adobe.com/support/techdocs/332644.html. Adobe credits Sudhakar Govindavajhala and Andrew Appel of Princeton University for finding this bug.

Today's BugBlog Plus has five more bugs and fixes for Apple, ATI and Mozilla.

2/3/2006 Firefox Fixes Security Problems

Mozilla has released Firefox, which is a bug-fix and stability release, with no added features. The most critical bug fixed is a hole in the way XULDocument.persist() validates. Remote attackers may be able to inject XML that could trigger JavaScript commands that would run at the same permission level of the browser.

Today's BugBlog Plus has six more bugs and fixes for Apple, Microsoft and Mozilla.

2/2/2006 Camera Prevents Windows XP Shutdown

If you have a camera connected to a Windows XP computer's USB root hub or USB port, and you have configured the option to Allow the computer to turn off this device to save power, the camera might prevent the computer from either going into hibernation or shutting down. Instead, the computer will hang during the shut-down. Microsoft has a hotfix for this, which will be in a future Windows XP service pack. If you are affected by this, and don't want to unplug the camera before shutting down, see http://support.microsoft.com/kb/909667 for information on getting the hotfix from Microsoft.

2/1/2006 Don't Take MyWife, Please

A mass-mailing email worm, given different names by various security researchers, may be able to do a significant amount of damage on 2/3/2006, and then the third day of subsequent months. It's called MyWife by McAfee and Microsoft, Nyxem by Kaspersky and Sophos, and Blackmal.E by Symantec. It will come as an email attachment, and probably shouldn't detonate if you don't open the attachment. It is set to delete files and alter your Registry, and will send emails to addresses it finds in your address book. Symantec's write-up is at http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal.e@mm.html, and McAfee's is at http://vil.nai.com/vil/content/v_138027.htm. Make sure your anti-virus signatures are up to date.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, Microsoft, Mozilla, and Sun Microsystems.

1/31/2006 Get the Bugs Out of Your iPod

Apple has a new iPod Updater available. The new versions are new iPod Software 1.1 for iPod nano, new iPod Software 1.2.1 for iPod with color display, new iPod Software 1.4.1 for iPod mini, and new iPod Software 3.1.1 for iPod with Click Wheel. This upgrade has a number of unspecified (by Apple) bug fixes, and it also supports the iPod Radio Remote for iPod with video and iPod nano. Get it at http://www.apple.com/support/downloads/ipodupdater20060110.html.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Microsoft and Nullsoft.


1/30/2006 Black and White Turns Gray in Office 2003

Printing out a black and white image from a Microsoft Office 2003 Service Pack 2 application may not work correctly. According to Microsoft, some printers may print the white color as a light gray. They don't list which printers are affected, but presumably you will know if you see it. Microsoft has a hotfix for this, which will be in a future service pack. If you are affected, see http://support.microsoft.com/kb/913164 for information on how to get it sooner.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, and Microsoft.

© 2005 BJK Research LLC