BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Amazon Honor System Click Here to Pay Learn More

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02


View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily


Working with Words


Sardonic Views

Filtering Craig

Hotel Bruce


Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.





Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. XML The BugBlog uses monthly archives. All the current June bugs are here. Use the links on the left or below to jump back to past months.

7/1 The BugBlog Is Back

Back from vacation. There are big bugs in the Tropics, but they aren't the kind to write about. New bug postings will be on the July page.

6/23/2006 BugBlog Is On Vacation

I'll be cut off from the Internet until 7/1. There won't be any new bugs till then.

6/23 Older Opera Has a JPEG Bug

There is a buffer overflow in the Opera 8.54 web browser that may allow an attacker to run their code on your system via a JPEG image. This has been reported by Secunia, who credits Vigilant Minds for finding the bug. As a fix, upgrade to the newly released Opera 9.0.

6/22/2006 ZoneAlarm Update Fixes Earlier Update Problems

The update to ZoneAlarm released last week by Zone Labs, and written about in the 6/20 BugBlog, had some major compatibility issues with some third-party products, including McAfee anti-virus software and the Qualcomm Eudora email program. These problems affected all the English-language versions of ZoneAlarm. They have been fixed in a new ZoneAlarm version 6.5.722.000 release, which is now available on the Zone Labs site, or via their software update.

Today's BugBlog Plus has six more bugs and fixes for Adobe, Apple, Microsoft, and Opera.

6/21/2006 The Latest Excel Bug Is Confirmed

Microsoft has posted their own warning confirming reports of a bug in Microsoft Excel 2000 through 2004, for both Windows and Macintosh. If you open a maliciously-designed spreadsheet, an attacker may be able to exploit a bug in the repair-spreadsheet feature, allowing hostile code to execute. According to Secunia, this bug is being actively exploited now. The best defense, at the moment, is to be careful on opening spreadsheets from unknown sources. Read Microsoft's advisory at http://www.microsoft.com/technet/security/advisory/921365.mspx. Read Secunia's more pointed warning at http://secunia.com/advisories/20686/.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, Opera, and Red Hat.

6/20/2006 ZoneAlarm Fixes a CPU Drain

UPDATE: Compatibility problems with this release have caused Zone Labs to release an update. Zone Labs has released ZoneAlarm 6.5.714.000. This version fixes a bug that sometimes caused rundll32 to suck up between 90 and 95 percent of your CPU time. It also fixes some other unspecified stability issues.

Today's BugBlog Plus has six more bugs and fixes for Adobe, Apple, Cisco, HP and Microsoft.

6/19/2006 Winamp Squashes Lots of Bugs

The latest version of the Winamp MP3 player, Winamp 5.23, is now online. This version has a number of bug fixes, including: fixes for saving playlists to network share files; problems with Media Library preferences; problems with CD burning using third-party plugins; problems using the right arrow key for seeking; and more. Get the updated player at http://winamp.com/player/.

Today's BugBlog Plus has six more bugs and fixes for Adobe, Apple, Microsoft, Novell and Red Hat.

6/18/2006 GarageBand Does Have Audio Output

If you try to run GarageBand on an Intel-based Mac OS X computer, you may see that the Audio Output says "No Driver." According to Apple, this message is wrong. The audio will still go to the built-in audio output. You can go to the Audio Output pop-up menu and pick "Built-in Audio."

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, IBM and Microsoft.

6/16/2006 Attackers Using Excel Bug

Microsoft admits that at least one customer is being targeted for an attack through a previously unknown bug in Microsoft Excel. You won't be able to fall victim to the attack unless you open an infected spreadsheet, which contains the Trojan.Mdropper.J. malware and then loads a second virus called Downloader.Booli.A. According to a story on eWeek, "well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers." Read the whole thing at http://www.eweek.com/article2/0,1895,1977588,00.asp.

Today's BugBlog Plus has six more bugs and fixes for Apple, Microsoft, PayPal and SendMail.

6/15/2006 Yahoo! Mail Bug Fixed

A bug that affects Yahoo! Mail has been patched. According to security researchers, all you needed to do was view the infected email in the Yahoo! mail window, and some JavaScript would run. You did not need to open an attachment. The email itself would have the subject line of "[random word] New Graphic site", and this particular attack has been named Yamanner by the AV companies. See an early report at http://isc.sans.org/diary.php?storyid=1398 and some post-patch analysis at http://www.informationweek.com/blog/main/archives/2006/06/yahoo_mail_expo.html. In any event, it's probably safe to look at your Yahoo! Mail again. (Good thing I opened that Gmail account.)

6/14/2006 iPod Battery Life Help

If you suspect your iPod's battery isn't working as well as it should, you may want to check out http://docs.info.apple.com/article.html?artnum=61475. Apple details a way to test your battery's life, lists a chart showing battery capacity for various models (bet your battery life is lower) and has links to various tips, tricks, and other information on batteries.

Today's BugBlog Plus has eight more bugs and fixes for Cisco, Linux, Microsoft, and Symantec.

6/13/2006 Windows Media Player Allows Attack

There is a stack overflow in Windows Media Player 7.1, 9, 10, and XP Media Player, that may allow an attacker to run their code on your computer via a PNG (Portable Network Graphics) file. The attack can be triggered either by opening a maliciously designed PNG file, or by visiting a webpage with the hostile content. According to iDefense, the attack can happen when using either Microsoft Internet Explorer or Mozilla Firefox, either of which can call the Windows Media Player. Microsoft has patches available at http://www.microsoft.com/technet/security/Bulletin/MS06-024.mspx. This bulletin updates MS06-005. Microsoft credits Greg MacManus of iDEFENSE for finding this bug. The iDEFENSE explanation is at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=406

Today's BugBlog Plus has seven more bugs and fixes forMicrosoft, all critical.

6/12/2006 MS Can't Fix Windows 98/ME

There won't be any fixes for Windows 98 or Windows ME for the bug in Windows Explorer that was announced in April, and that was patched in the newer Microsoft operating systems. According to Microsoft, patching this bug would have interfered with too many other things in the OS, and could have caused compatibility problems. Their advice for Windows 98/ME users was to use firewall filtering on TCP Port 139 instead. Of course, most people who are still using Windows 98/ME probably aren't the kinds of computer users who can make sense of that advice. All official support for Windows 98/ME ends after July's Patch Tuesday anyway. Read more at http://news.zdnet.com/2100-1009_22-6082307.html.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, Novell and Red Hat.

6/9/2006 Patch Tuesday Will Be Big

Microsoft says they will be publishing 12 security bulletins on June 13. Nine will be for Microsoft Windows, one for Microsoft Exchange, and two for Microsoft Office. One of these Office patches should be for the Microsoft Word zero-day vulnerability that surfaced in May (covered in the 5/20 BugBlog). There will also be an update to the Microsoft Windows Malicious Software Removal Tool. Microsoft's bulletin that announces the new bulletins is at http://www.microsoft.com/technet/security/bulletin/advance.mspx. The details on all the bulletins will be covered in the BugBlog Plus. The two most interesting will be in Tuesday and Wednesday's free BugBlog.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Microsoft, Mozilla and Novell.

6/8/2006 Network Driver Incompatibility in XP

There is an incompatibility between Windows XP and some unspecified network adapter drivers and unspecified host firewall software. Microsoft says that this combination may trigger an error message similar to
STOP 0x000000D1(parameter1, parameter2, parameter3, parameter4) DRIVER_IRQL_NOT_LESS_OR_EQUAL

There will be hex numbers in place of the parameter placeholders. Microsoft released a hotfix for this on June 6. If you are getting this error message, go to http://support.microsoft.com/kb/916595 for the download.

6/7/2006 End of the Line for SP1

The End Time is approaching, at least for Windows XP Service Pack 1 and 1a. Microsoft will be ending support for this version of Windows on 10/10/2006. That means no more security updates for those of you who haven't yet installed Windows XP Service Pack 2. Microsoft isn't trying to squeeze money out of you -- SP2 is free and you can get it at http://www.microsoft.com/windowsxp/sp2/default.mspx.

Today's BugBlog Plus has eight more bugs and fixes for Adobe, Apple, Microsoft, Sun Microsystems and Ubisoft.

6/6/2006 Font Slows Down Photoshop

If you have the Font Preview Size option turned on in Adobe Photoshop CS 2, and one of your fonts is damaged, the speed of Photoshop may slow down drastically. There are two workarounds -- either turn off Font Preview Size or find and get rid of the damaged fault. For a more permanent fix, install the Photoshop CS 2 9.0.1 update. Get it at http://www.adobe.com/downloads.

Today's BugBlog Plus has seven more bugs and fixes for Apple, IBM, Microsoft, Mozilla and Red Hat.

6/5/2006 QuickTime is Patched Again

After the reports of compatibility problems with Apple QuickTime 7.1 in May, 2006, Apple has released a QuickTime 7.1.1 update. This fixes problems with third-party applications, especially from Adobe, when QuickTime 7.1 is running on Intel-based Macs. It also fixes a potential bug when QuickTime was exporting Keynote presentations to Apple iDVD. Get the update at http://www.apple.com/support/downloads/quicktime711.html.

Today's BugBlog Plus has five more bugs and fixes for Mozilla and Microsoft.

6/3/2006 Another Windows Buffer Overflow Bug

Secunia reports that a bug in inetcomm.dll in Windows XP and Windwos Server 2003 may allow a buffer overflow using the "mhtml:" URI handler. A malicious website may be able to use this to run hostile code on your system. According to Secunia at http://secunia.com/advisories/20384/, this has been confirmed on fully patched Windows XP SP 2 and Windows Server 2003 systems. They credit "Mr.Niega" with finding this bug. There is no official word from Microsoft yet.

Today's BugBlog Plus has five more bugs and fixes for Apple, HP, Microsoft, MySQL and VMWare.

6/2/2006 Symantec Wins the Bug of the Month

When security sofware opens up security holes, we have a Bug of the Month.

6/2/2006 Firefox and Thunderbird Update

The Mozilla Foundation has released Firefox and Thunderbird These updates fix a number of bugs in nested options, in DOMNodeRemoved mutation event, Content-implemented tree views, and XBL implementation. Some of these bugs could cause crashes that may corrupt memory, which means that attackers could exploit them to sneak hostile code onto your system. Get the updates at http://www.mozilla.org/products/ or through the Help, Check for Updates command.

6/1/2006 Upgrade, and Then Patch, for Symantec

Symantec did not patch every vulnerable build of Symantec Client Security 3.1 and Symantec AntiVirus 10.1 Corporate Edition to the remote attacks first discussed in the 5/29 BugBlog. In some cases, Symantec customers will first need to upgrade to one of the versions that's been patched, and then apply the patch. They have a detailed table at http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2006052609181248 that shows each affected build and what you need to do to eliminate the security problem.

Today's BugBlog Plus has seven more bugs and fixes for Adobe, Apple, Macrovision, Microsoft, Mozilla and Novell.

5/31/2006 MS Office 2003 Update Includes Months of Hotfixes

Microsoft has a new update for Office 2003. This update essentially includes all the hotfixes for the Office applications released from November, 2005 through April, 2006. They say that in addition to the hotfixes, this update includes Rich Text Format improvements, and also includes the framework for a converter for the new Open XML file format that is going to be used in Office 2007. See all the details, and get the download, at http://support.microsoft.com/kb/910473.


Home | Contact | Writing | Online | News | Tips | CABE |

© 2006 BJK Research LLC