BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Amazon Honor System Click Here to Pay Learn More

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02


View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily


Working with Words


Sardonic Views

Filtering Craig

Hotel Bruce


Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.





Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. XML The BugBlog uses monthly archives. All the current May bugs are here. Use the links on the left or below to jump back to past months.

5/31/2006 MS Office 2003 Update Includes Months of Hotfixes

Microsoft has a new update for Office 2003. This update essentially includes all the hotfixes for the Office applications released from November, 2005 through April, 2006. They say that in addition to the hotfixes, this update includes Rich Text Format improvements, and also includes the framework for a converter for the new Open XML file format that is going to be used in Office 2007. See all the details, and get the download, at http://support.microsoft.com/kb/910473.

5/30/2006 QuickTime Trips up Adobe Installation

Install Adobe Creative Suite 2, After Effects 7.0, Photoshop CS2, InDesign CS2, or InCopy CS2 on an Intel-based Mac computer that has Apple QuickTime 7.1 installed, and your computer may lock up. The culprit, according to Adobe, is QuickTime. Their workaround is to restart in Safe Boot mode, do an archive and install of OS X 10.4.x, and make sure you do not install the QuickTime 7.1 update. See http://www.adobe.com/support/techdocs/333087.html for the details.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, IBM, Microsoft, and Symantec.

5/29/2006 Review of Wikimapia

Something else to have fun with on the World Wide Web.

5/29/2006 Symantec AntiVirus Bug

Symantec says their enterprise line of anti-virus software, Symantec Client Security 3.1 and Symantec Antivirus Corporate Edition 10.1, are vulnerable to a stack overflow that may allow both local and remote attackers to run their code on the target computers. Symantec has updated virus signatures to check for attacks that may exploit this. See http://www.symantec.com/avcenter/security/Content/2006.05.25.html for news on updates. Symantec credits eEye Digital Security for finding this bug, which does not affect the consumer-level Norton AntiVirus products.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Microsoft, Novell and Red Hat.

5/26/2006 Changing Defaults for Program File May Cause Problems

If you edit your Windows XP Registry to change the default location of the Program Files folder, Microsoft says you may interfere with the correction installation of cumulative updates. Any files that aren't in their default location won't be updated. The default location is governed by the Registry key ProgramFilesDir at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\. If you've changed this key, or think that some program changed it for you, see http://support.microsoft.com/kb/917513 for information on changing it back.

(After two days of intermittent problems, my broadband cable connection seems to have fixed itself. Or else the problem was further up the line than the last 50 yards to my house. Anyway, it seems to be working without them having to send a repair guy.)

Today's BugBlog Plus has five more bugs and fixes for Apple,IBM, LucasSoft and Microsoft.

5/25/2006 Cox Cable Behaving Badly

My normally reliable Cox Cable Internet connection has been behaving very badly the past couple days. It's difficult to stay online more than two minutes at a time. Bug postings will be light until this is fixed.

5/24/2006 No More Green Circled Demons

If you are playing iD Software Doom 3 at a 2560 by 1600 resolution on a Windows XP computer with an ATI Radeon graphics card, you may see green circles around the energy projectiles of demons. (That, of course, upsets the aesthetics of the game.) ATI says they have fixed this in their Catalyst Software Suite 6.4 driver update.

Today's BugBlog Plus has eight more bugs and fixes for Adobe, Apple, ATI, IBM, Microsoft, Novell and Red Hat.

5/23/2006 More on the MS Word Bug

Microsoft has issued their own security advisory about the zero-day exploit affecting Microsoft Word. This attack is spread via a malicious email attachment that must be opened by the recipient. They say that this bug only affects Word 2002 and Word 2003. As a workaround, Microsoft says to operate Word in Safe Mode, and do not use it as the default editor in Outlook. See how to do that at http://www.microsoft.com/technet/security/advisory/919637.mspx. eEye Digital Security issued their own bulletin at http://www.eeye.com/html/resources/newsletters/alert/pub/AL20060523.html?sb=kwkbmvamunbmvambckmn. Their testing shows that Word 2000 is also affected. There may also be multiple variations of this attack circulating.

Today's BugBlog Plus has eight more bugs and fixes for Adobe, Apple, Microsoft, Mozilla, Novell and Sony.

5/22/2006 Outlook Mail Merge Fails

If you give the Tools, Mail Merge command in Microsoft Outlook 2002 or 2003, select the Outlook Address Book as your data source, and select Mailing labels as your document type setting, you won't get a mail merge. Instead, you will get an error message:
The required file schdmapi.dll could not be loaded. Please check your e-mail installation and reinstall Microsoft Word if necessary.
See http://support.microsoft.com/kb/918307 for a workaround for this.

Today's BugBlog Plus has five more bugs and fixes for Adobe, IBM and Microsoft.

5/20/2006 Exploiting a MS Word Bug

A zero-day bug has been discovered in Microsoft Word, with exploits using this bug already being noticed. If you open a maliciously-designed Word document, the bug may be triggered to run hostile code on your computer, including reconfiguration of security software. It appears, according to the Internet Storm Center, that these attacks come from China or Taiwan. Read more at http://isc.sans.org/diary.php?storyid=1345; in the meantime, be careful of opening suspicious Microsoft Word attachments.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Microsoft and Sun Microsystems.

5/19/2006 Stealing Through Skype

There is a bug in the Skype for Windows client that may allow an attacker to initiate a transfer of a specifically named file from one Skype user to another. This will happen if you can get the victim to follow a bad Skype URL. This has been fixed in Skype 2.5, release 2.5.*.79 or later, and in Skype 2.0, release 2.0.*.105 or later. Get links to these updates at http://www.skype.com/security/skype-sb-2006-001.html.

5/16/2006 Windows Vulnerability Affects Most Security Software

A posting at Security Focus points to a bug in the path conversion in Microsoft Windows that may leave all versions of Windows, as well as most anti-virus and anti-spyware software, vulnerable to an attack. A list of vulnerable products is at http://www.securityfocus.com/bid/17934/info, and includes Windows as well as most security software from Symantec, Softwin, Kaspersky, AVG, Avast, and others. This bug was discovered by Mario Ballano Ba¡rcena, and the discussion also includes a proof of concept.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Red Hat.

5/15/2006 Apple Security Update Fixes LaunchServices

Apple's Security Update 2006-003 squashes a bug in LaunchServices for Mac OS X 10.4.6 Client and Server. According to Apple, a long file name extension may interfere with Download Validation. This may let an attacker design a file with unsafe content, but appears to be safe to Mac OS X 10.4, which will then let an application, such as Safari, open the file. The security update does a better job of checking long file name extensions. Security Update 2006-003 includes many more fixes for bugs that may allow an attacker to run hostile code on your computer.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, Microsoft, and Novell.

5/13/2006 Firefox Mailto Bug

There is a bug in Mozilla Firefox, according to the Sans Internet Storm Center. A web page can be designed in a way to trick the function that automatically opens your email program when you click on a mailto: link, so that one click may rapidly open up 100 email windows on your computer, crashing it in a denial of service attack. It does not appear that attackers can use this to run code on your system. A configuration workaround is at http://isc.sans.org/diary.php?storyid=1327.

5/12/2006 Critical Update for QuickTime

A series of bugs in Apple QuickTime for Mac OS X 10.3.9 or later may allow attackers to sneak hostile code onto your system using a variety of paths, including a JPEG file, a QuickTime movie, a Flash movie, an H.264 movie, an MPEG4 movie, a FlashPix movie, an AVI movie, a PICT image, or a BMP image. Upgrade to QuickTime 7.1, which you can get at http://www.apple.com/support/downloads/quicktime71.html. All earlier versions of QuickTime are vulnerable. Apple credits Mike Price of McAfee AVERT Labs, ATmaCA working through TippingPoint and the Zero Day Initiative, and eEye Digital Security for finding these bugs.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Cisco, Microsoft, and Symantec.

5/11/2006 Bug in Sophos AV Products

A bug has been found in the Sophos line of anti-virus products. The bug is in the way that Microsoft Cabinet (.CAB) files are unpacked. An attacker may be able to construct a .CAB file in a way that lets them sneak their code onto your computer and then execute it. Sophos has updates available. See the chart at http://www.sophos.com/support/knowledgebase/article/4934.html for information on each product. It does not appear that this flaw has been exploited yet, although now the bad guys know where to look.

5/10/2006 Fantasy Soccer Spreadsheet Virus

There is a new computer virus that comes as an infected Microsoft Excel spreadsheet. The XF97/Yagnuul-A is only activated if an infected spreadsheet is opened. It appears to be circulating disguised as a spreadsheet that can be used to track your fantasy soccer league (fantasy football everywhere else but the US.) You are only at risk if you open the spreadsheet, so for now at least only soccer fans are in danger, although there are plenty of other fantasy leagues out there. Read more at http://news.com.com//2100-7349_3-6069814.html.

Today's BugBlog Plus has eight more bugs and fixes for Adobe, Apple, Microsoft, and Sun Microsystems.

5/9/2006 Microsoft's New Bug is An Older Flash Bug

Microsoft's Critical Security Bulletin for Windows for May, 2006 actually concerns a flaw in the Adobe Macromedia Flash Player. This Flash Player bug was covered in the BugBlog on March 16 -- so if you upgraded then, you are OK. If you haven't upgraded, and you use Windows XP, see Microsoft's Security Bulletin at http://www.microsoft.com/technet/security/Bulletin/MS06-020.mspx for the upgrade. Why is Microsoft concerned? Because Flash Player is included as a plug-in for Microsoft Internet Explorer 6.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Microsoft, and Red Hat.

5/8/2006 Defrag Tool Locks Up Windows XP

If you run the Defrag tool on a Windows XP computer, and the tool runs into a 0-byte attribute entry in the attribute list, Defrag may lock up. Microsoft says the Defrag.exe process will suck up 100 percent of your CPU usage, and stay at that level. Microsoft has a hotfix for this, which will be in a future service pack. See http://support.microsoft.com/kb/916731 if you need the fix right away.

Today's BugBlog Plus has seven more bugs and fixes for Apple, IBM, id, Microsoft, Novell, and Red Hat.

5/7/2006 iTunes Doesn't Like Privacy

Apple says that both the McAfee Privacy Service and Web acceleration software may interfere with iTunes for Windows when you try to download music at the iTunes Music Store. The interference may cause this error message:
There was an error downloading your purchased music. An unknown error occurred (403).
We could not complete your Music Store request. An unknown error occurred (-50).
According to Apple, you have to avoid the McAfee Privacy Service. See http://docs.info.apple.com/article.html?artnum=93447 for workarounds.

5/5/2006 Windows, Exchange Patches Coming

Still cleaning up after the last Patch Tuesday? Another one is coming. Microsoft says there will be one Critical Update for Microsoft Exchange. There will also be two security bulletins for Windows, and at least one of them is Critical. They will also be updating the Microsoft Windows Malicious Software Removal Tool.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Novell.

5/4/2006 Microsoft Deals with Disappearing Address Books

Earlier reports said some users were losing their Windows Address Books after installing the April Security Patch MS06-016 for Microsoft Outlook Express. Microsoft says this is ususally due to corruption that has built up over time in the Address Book, especially those that were created in earlier versions of Outlook Express and then upgraded many times. They have a fix that involves removing the patch, making a backup of the Address Book, deleting the original, and then reinstalling everything. They have detailed instructions on what to do at http://support.microsoft.com/kb/917288.

5/3/2006 Mozilla Fixes Security Bug

There is a bug in Mozilla Firefox 1.5.x that may get triggered when you come across deleted controller context on a web page. This only happens if designMode is turned on. In most cases, this will only crash the browser in a denial of service attack, but it may be possible to use this to run hostile code. It has been fixed in Firefox It does not affect Firefox 1.0.x or Mozilla Suite 1.7.x. You can get the update at http://www.mozilla.com/firefox/.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Microsoft, MySQL, Novell and Six Apart.

5/2/2006 Microsoft Wins a Special Bug of the Month

Think of it as a lifetime achievement award.

5/2/2006 Don't Panic Your Mac OS X Server

There may be less need for your kernel to panic after you upgrade to Mac OS X Server 10.4.6. According to Apple, the update lessens the possibility of a kernel panic due to three different situation with NFS: users writing or copying large (over 2 GB) files; NFSv2 clients using applications with NFS Home Directories; heavy TCP loads on NFS Home Directory Servers. See http://docs.info.apple.com/article.html?artnum=303160 for more about this update.

Today's BugBlog Plus has five more bugs and fixes for Apple and Microsoft.

5/1/2006 Holding Your Computer Hostage

A new kind of computer virus will lock up your computer and then deliver a ransom note -- pay $10.99 via Western Union, if you want to see your files again. The anti-virus company Sophos has details of the message you will see at http://www.sophos.com/virusinfo/analyses/trojransoma.html, you may also want to read the overview at http://www.pcworld.com/news/article/0,aid,125569,pg,1,00.asp. There's even a threat to delete one file every thirty minutes until the ransom is paid.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Red Hat.

4/30/2006 New Worm Spreads Via Mail, IM

Symantec reports that there is a new worm that spreads through instant messaging as well as email. The W32.Nugache.A@mm worm, after it tries to spread to your contacts, will also open a backdoor on your computer. Read Symantec's advice at http://www.sarc.com/avcenter/venc/data/w32.nugache.a@mm.html. There's also some discussion at the Internet Storm Center at http://isc.sans.org/diary.php?storyid=1300.

Today's BugBlog Plus has five more bugs and fixes for Apple, Macromedia Microsoft, and Novell.

4/28/2006 Vista Will Ship With Half the Firewall Turned Off

Whenever Microsoft ships Windows Vista, it will ship with an improved firewall, one that monitors both incoming and outgoing traffic. The current Windows firewall only monitors incoming traffic which makes it helpless against malware currently on your system, unlike the two-way firewalls in products like ZoneAlarm and Norton Internet Security. That sounds like good news -- except that by default, the outbound monitoring will be turned off. It will be up to the users to make sure they turn it on. (Well, the BugBlog will never run out of things to write about as long as Microsoft is around.)

Home | Contact | Writing | Online | News | Tips | CABE |

© 2006 BJK Research LLC