
Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free, but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All the current August bugs are here. Use the links on the left or below to jump back to past months, or use the search form.

8/31/2006 Word 2003 May Take a 30 Minute Break

Try to open a Microsoft Word 2003 XML document, and Word may lock up for anywhere from 10 to 30 minutes. Microsoft says this may happen when the Word doc is linked by another Microsoft Office document, and that other document is on a network share and is opened by someone else. There aren't any configuration changes that can avoid this. Microsoft has a hotfix for this, which will be in a future Office service pack. See http://support.microsoft.com/kb/923826 if you need to get the fix right away.

8/30/2006 PlaysForSure or Surely Doesn't Play?

You may have problems moving purchased content onto a Microsoft verified "PlaysForSure" portable device, even though you can move content ripped from a CD onto the device. Instead, Windows Media Player 10 may give the error message:
0xC00D10BC - Windows Media Player cannot synchronize the file because the device needs to be updated.
This happened after an update to the Media Transfer Protocol (MTP) driver by Microsoft unearthed a bug that causes compatibility problems with Microsoft's Digital Rights Management scheme. Microsoft has a hotfix for this, which you can download from http://support.microsoft.com/kb/922814/.

Today's BugBlog Plus has ten more bugs and fixes for Apple, EA Sports, Microsoft, and Novell.

8/29/2006 Does Your Mac Have A Sleep Disorder?

Even computers can have sleep disorders. Apple says that even if you have set Mac OS X 10 computers to go into sleep mode after a certain period of inactivity, the computer actually stays awake. If you go to http://docs.info.apple.com/article.html?artnum=303698, you'll see a list of background procedures that you may not know are happening, but which effectively poke your computer and keep it awake. The culprit may actually be Bluetooth, an external drive, or even iTunes.

Today's BugBlog Plus has five more bugs and fixes for IBM, Microsoft, SendMail and Sun Microsystems.

8/28/2006 The Continuing Saga of MS06-042

The story so far: Microsoft releases a critical security patch for Internet Explorer; a bug is found in the patch, so they get ready to re-release the patch; another bug is found just before the re-release; then finally it's fixed. Here's Microsoft's explanation: The problem was because of the way the patch affected Internet Explorer 6 Service Pack 1 on Windows 2000. While most home users have moved on to Windows XP, there is still a large percentage of enterprise customers on Windows 2000, and they would have been affected. Read the whole thing at http://blogs.technet.com/msrc/archive/2006/08/24/449860.aspx.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Sun Microsystems.

8/26/2006 Cisco Concentrator FTP Hole

Cisco says there are two bugs in their Cisco VPN 3005, 3015, 3020, 3030, 3060, and 3080 concentrators. These bugs are active when file management via File Transfer Protocol (FTP) is turned on. They may allow unauthenticated attackers to use FTP commands to delete files on the concentrator. See http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml for which versions of the software are affected, and how to get the fix.

Today's BugBlog Plus has five more bugs and fixes for Apple, Cisco, Intel, Microsoft, and Red Hat.

8/25/2006 Apple Recalling Laptop Batteries

The Sony battery recall has spread to Apple. There is a recall of 1.8 million 12 inch iBook G4 and 12 and 15 inch PowerBook G4 laptop computers, due to a fire hazard. The detailed information from Apple on what batteries are affected is at https://support.apple.com/ibook_powerbook/batteryexchange/. Sony says they think that there won't be any more battery recalls. Read about the whole thing at http://www.eweek.com/article2/0,1895,2008146,00.asp and read about an effort by manufacturers to ease fears of exploding laptops at http://www.eweek.com/article2/0,1895,2008264,00.asp.

8/24/2006 More IE Patch Problems

Researchers at eEye have discovered that the new bug in the MS06-042 patch for Microsoft Internet Explorer is exploitable by bad guys. IE 6 running on Windows 2000, and IE 6 running on Windows XP Service Pack 1 are affected. The bug triggers a buffer overflow, and the overflow can be exploited to introduce malware into your system. Microsoft has also withdrawn a proposed patch for this patch, citing problems discovered during testing. See eEye's bulletin at http://research.eeye.com/html/alerts/AL20060822.html for details and workaround information. Microsoft's side of the story is at http://blogs.msdn.com/ie/archive/2006/08/22/711402.aspx.

8/23/2006 IE Patch Has Pop-Up Problems

A bug snuck into the Cumulative Update for Microsoft Internet Explorer 6 that was distributed with the August Security Bulletin MS06-042. Because of the bug, if you visit a website that has a custom pop-up object, IE may crash. The error signature may look like this on a Windows XP computer: Iexplore.exe 6.00.2900.2180 Mshtml.dll 6.0.2900.2963 0006d031. Microsoft has a hotfix, which will probably get distributed in the next cumulative update for IE. See http://support.microsoft.com/kb/923996 if you need the fix right away.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, IBM, Microsoft, Red Hat and Sun Microsystems.

8/22/2006 Symantec Enterprise Manager Attacks

There is a bug in Symantec Enterprise Security Manager 6.0 and 6.5 that can be exploited by sending a specially designed invalid request. This will lock up both the ESM manager and the ESM agent. Both will need to be rebooted to recover from the attack. Symantec has both automated and manual fixes for all the affected ESM agents and managers. You can find the complete list at http://securityresponse.symantec.com/avcenter/security/Content/2006.08.21a.html.

8/21/2006 Another PowerPoint Bug Allowing Attacks

A brand-new attack against Microsoft PowerPoint was discovered on 8/19/06. A maliciously designed PowerPoint document, when opened, may be able to run code on your computer. The exact bug hasn't been pinned down yet, but has been noted because of the Trojan Horse-type activity it triggers. It does not appear to be the same bug patched by Microsoft in the August Patch Tuesday security release. For now, the only fix is to be careful around unknown PowerPoint files. Read more about it at http://blogs.securiteam.com/?p=559.

Today's BugBlog Plus has five more bugs and fixes for Apple, Dell, Microsoft and Novell.

8/20/2006 Remote Attacks Against Windows Server 2003

US-CERT says there is a bug in Microsoft Internet Explorer 6.0 SP1 running on Windows Server 2003. A remote attacker may be able to use a Terminal Services COM object as an ActiveX object, and crash the server. This may also allow the attacker to run their own code on the server. There's no official word from Microsoft yet -- you can see what the Feds have to say at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4219.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, and Microsoft.

8/19/2006 Apple Improves Fan Behavior

Unruly fans can cause problems at concerts and sports events, and also in Apple MacBook laptops. After many complaints about noisy fans in the Intel-based laptop computers, Apple has released a firmware update that hopefully will make the fans behave. They've already done this for MacBook Pro computers, so the fix has moved down the line. See http://www.apple.com/support/downloads/macbooksmcfirmwareupdate.html for the update and for instructions.

8/18/2006 You've Got Bugs

Secunia Research found a bug in the way that America Online 9.0 Security Edition revision 4184.2340 sets default permissions in the America Online 9.0 folder. AOL gives Full Control to the Everyone group, which means that anyone can delete or change AOL files in this folder. Secunia told AOL, who has a fix ready. It will be applied automatically when you log onto AOL. If you are using a version older than Security Edition 9, AOL says you should upgrade. Secunia credits Carsten Eiram with finding the bug.

8/17/2006 Yahoo Squashes Mail Bug

Yahoo has squashed a bug in the way that their Yahoo Mail service dealt with attachments. An attacker could have created an HTML attachment with a different encoding scheme that could evade the Yahoo Mail security filter, and then run some malicious JavaScript. Users of Yahoo Mail don't have to do anything-- the fix is implemented by Yahoo. Read more at http://www.pcworld.com/article/id,126788-c,yahoo/article.html.

Today's BugBlog Plus has five more bugs and fixes for IBM, Microsoft, MySQL, and Novell.

8/16/2006 Internet Explorer Update is Buggy

The latest cumulative security update for Microsoft Internet Explorer 6 may cause the browser to crash if you visit websites that use certain features. The update, which was in Security Bulletin MS06-042, can't handle sites that use both the HTTP 1.1 protocol as well as compression. Microsoft is working on an update to their security update. In the meantime, as a workaround you can disable the use of HTTP 1.1 (or use Mozilla Firefox). For the workaround, go to Tools, Internet Options, Advanced. In the Settings box, uncheck the Use HTTP 1.1 option.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, Kerberos, McAfee, Microsoft, and Sony.

8/15/2006 Big Battery Recall for Dell

Not really a bug, but your laptop going up in flames certainly qualifies as something bad happening to your computer. Dell has a new site, called https://www.dellbatteryprogram.com/ with information on the laptop battery recall. When I checked it this morning, I got a warning message about a problem with the security certificate. Chances are, that happened due to the haste in getting up the separate site. If you go to dell.com, there's only a little tiny link to "Battery Recall" at the bottom of the page.

Today's BugBlog Plus has five more bugs and fixes for Apache, Apple, Microsoft and Ruby on Rails.

8/14/2006 Garbled Music in iTunes or QuickTime for Windows

When using iTunes for Windows you may be getting sub-par audio results, including skips, pops, and garbled music. This may also affect music being played through the Apple QuickTime Player. Apple says you may need to adjust the Sound Out feature in QuickTime, or the Sound Enhancer feature in iTunes, to take care of incompatibilities with your sound card. Apple shows some troubleshooting steps at http://docs.info.apple.com/article.html?artnum=93610.

Today's BugBlog Plus has six more bugs for Adobe, Microsoft, and Novell.

8/12/2006 Adobe Templates Get Lost in Translation

When you install Adobe Premiere Elements 2.0, a number of DVD templates should get installed. Normally, the installation process figures out the default language of your computer, and then installs the correct templates. In the US, they would normally get installed in en_US. However, Adobe says the installation process sometimes gets confused on the default language, and leaves the templates in the root of the templates folder, and the program can't find them. See http://www.adobe.com/support/techdocs/329802.html for info on how to move them.

Today's BugBlog Plus has five more bugs for Microsoft and Red Hat.

8/11/2006 MacPro Update Fixes Image IO Bug

A bug in the ImageIO for the Mac OS X 10.4.7 Build 8K1079 for the Mac Pro may allow hostile content into your Mac via a corrupt TIFF image. Apple's Security Update 2006-004 for the Mac Pro fixes this. Apple credits Tavis Ormandy of the Google Security Team for finding this bug.

8/10/2006 Attacks Against Blackberries Possible

Research in Motion Blackberry owners now have to worry about malware attacks. Security researcher Jesse D'Aguanno has demonstrated how you can combine some Trojan horse code in a free tic-tac-toe game download, which will then work with BBProxy to launch attacks against other machines on a network. It's all theoretical for now, but there's probably bad guys working on this right now. Read more at http://www.pcworld.com/article/126685-1/article.html

8/9/2006 Attack Via Windows HTML Help

There is a buffer overrun in the HTML Help in Windows 2000, Windows XP, and Windows Server 2003. A remote attacker can construct a hostile web page that can exploit this to take complete control of your system. You can download a patch for this at http://www.microsoft.com/technet/security/Bulletin/MS06-046.mspx. As a workaround, you can also disable the HTML Help ActiveX control. Microsoft credits Cody Pierce of the TippingPoint Security Research Team for finding this bug.

Today's BugBlog Plus has eight more critical bugs for Adobe and Microsoft.

8/8/2006 Critical Bug in Windows

Microsoft says there is a bug in the kernel of Windows 2000, Windows XP, and Windows Server 2003 that may let a remote attacker completely take over your computer. The bug is in the way that exception handling is done by Windows when you have multiple applications loaded in memory. This attack could be carried out by a hostile website, if you happen to be visiting. Microsoft labels this a Critical bug, and has patches for it at http://www.microsoft.com/technet/security/Bulletin/MS06-051.mspx. As a workaround, you could mitigate the impact by disabling Active Scripting. They credit Matt Miller of Leviathan Security Group and Ken Johnson for finding this bug.

Today's BugBlog Plus has seven more critical bugs for Microsoft.

8/7/2006 Holes in a Cisco Firewall

A bug in Cisco's PIX firewall appliances was shown at the Black Hat USA Conference. Details weren't disclosed, because Cisco doesn't have the patch ready yet. Security researcher Hendrik Scholz says that you will be able to "Open up whatever port you want", which doesn't sound like the kind of behavior you want from a firewall. Read more at http://www.pcworld.com/article/126649-1/article.html.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, and Microsoft.

8/6/2006 Microsoft Wins Bug of the Month for Windows Genuine Advantage

Because WGA deserves all the criticism it gets.

8/5/2006 Hijack A Macbook (or other laptop) in 60 Seconds

The Security Fix column at the Washington Post has a video that demonstrates how a remote attacker can seize control of an Apple Macbook computer. (The attack was carried out from a Dell laptop.) The video was produced by Jon "Johnny Cache" Ellch and David Maynor, and uses a third-party wireless card in the Apple. The bug itself is in the wireless device driver, and is not particular to the Apple OS. Anyone who uses a laptop in a public space near other laptop users (that includes me) may want to watch at http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html

Today's BugBlog Plus has six more bugs and fixes for Adobe, Apple, and Microsoft.

8/4/2006 Another Big Patch Tuesday

Microsoft says they will be releasing 12 security bulletins on Tuesday, August 8. Ten of the bulletins will be for Windows, and 2 for Office. At least one of each of these will be Critical updates. We will also be getting an update to the Microsoft Windows Malicious Software Removal Tool, and there will be two priority non-security updates pushed out via Microsoft Update. Malware vendors haven't yet announced what zero-day vulnerabilities they will be releasing on Wednesday.

8/3/2006 Mozilla Fixes Streaming Video Bug

Mozilla has released Firefox This update quickly follows the release, which was a security update. Unfortunately, version had a bug that caused problems playing streaming Windows Media content, written up in the 8/1 BugBlog. Mozilla users can wait for the auto update, or get the new version at http://www.mozilla.com/firefox/releases/

8/2/2006 Mac Attack Through GIF File

Apple says that Mac OS X 10.4.x users are vulnerable to attack via GIF images. A bad guy may be able to construct a corrupt GIF image that causes a memory allocation failure, which can then be used to either crash the application viewing the GIF file, or possibly run hostile code. This has been patched, for Mac OS X 10.4.7, with the Security Update 2006-004.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, McAfee, Microsoft, Red Hat and Symantec.

8/1/2006 Streaming Video Problems for Firefox

There is a bug in the new Mozilla Firefox that interferes with your ability to view streaming video, especially in the Windows Media format and Real Media format. You can see by the discussion in Bugzilla at https://bugzilla.mozilla.org/show_bug.cgi?id=346167 that a fix may be here fairly quickly, in the form of a Firefox release.

7/31/2006 Windows Driver Bug Can Cause A Blue Screen

There is a bug in the server driver (srv.sys) in many different versions of Microsoft Windows. The bug, discovered by ISS X-Force, may let attackers trigger a blue screen of death. Read their details at http://xforce.iss.net/xforce/alerts/id/231. Microsoft acknowledges the problem at http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx, and has some temporary defenses.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, IBM, and Microsoft.




© 2006 BJK Research LLC