BJK Research

The BugBlog

The BugBlog is a daily look at computer bugs, incompatibilities, and other things that can go wrong with your computer.

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All the current December bugs are here. Use the links on the left or below to jump back to past months, or use the search form. XML

11/30/2006 Adobe Acrobat ActiveX Bug Can Cause Crash

There is a bug in an ActiveX control for Adobe Reader 7.0.x and Adobe Acrobat 7.0.x that may allow an attacker to crash a computer after opening a corrupt PDF. However, it only affects you if you click on a link within Microsoft Internet Explorer to view a PDF file. Adobe's suggested workaround is to delete the ActiveX control. This means you won't be able to view PDFs from within IE; however, you will still be able to open them in the stand-alone Adobe Reader or Acrobat. See http://www.adobe.com/support/security/advisories/apsa06-02.html for the details on how to delete the file, if you use IE.

11/29/2006 Apple Patches Holes in OpenSSL

The Apple Security Update 2006-007 for Mac OS X 10.3.9 and 10.4.8 includes bug fixes for some bugs in OpenSSL (Secure Socket Layers). These bugs may allow a malicious website to impersonate another trusted site, and may allow an attacker to run code on your computer. Apple rates these as critical bugs.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple and Microsoft.

11/28/2006 Is Acrobat on the Disabled List?

If you've installed Adobe Acrobat Professional on your computer, but the icon for Convert to Adobe PDF suddenly is missing from a Microsoft Office application, the problem may be that Adobe PDF was put on the Disabled Items list within Office. View the list from within the Office application by going to Help, About and clicking on Disabled Items. If Adobe Acrobat PDF is on the list, click to Enable it. If this isn't the problem, Adobe has some other possible solutions at http://www.adobe.com/support/techdocs/333235.html.

Today's BugBlog Plus has six more bugs and fixes for Adobe, Apple and Microsoft.

11/27/2006 Problems Dragging Slides in Office 2007

If you try to drag a slide from a Microsoft PowerPoint 2007 presentation into a Word 2007 document, the slide won't get copied and you will get an error message:
Word has encountered a problem
If you try to drag it to a Publisher 2007 publication, the slide won't get copied either, and you won't get an error message. Microsoft has a couple of workarounds for this. See http://support.microsoft.com/kb/925423 for the details.

Today's BugBlog Plus has five more bugs and fixes for Apple and Microsoft.

11/26/2006 Overflow in Netgear Driver

The Month of Kernel Bugs website reports on a buffer overflow bug in the driver for the NetGear WG311v1 wireless adapter. If an attacker sends a long SSID (Service Set Identifier), they may be able to take advantage of the overflow to run hostile code on your computer. You can see the detailed original report at
http://projects.info-pull.com/mokb/MOKB-22-11-2006.html. There is no fix yet.

11/22/2006 Mac OS X Vulnerable Via DMG Files

The Month of Kernel Bugs website has posted details of a bug in Apple Mac OS X. Because of a bug in the way that Safari handles external DMG files, a malicious website may be able to launch a denial of service attack and possibly run hostile code against your computer. See a slightly more readable version of the details at http://secunia.com/advisories/23012/.

11/21/2006 PowerPoint 2007 Links Can't Go Back in Time

You can construct Microsoft PowerPoint 2007 presentations that contain hyperlinks that can take you to various parts of your presentation, such as the first slide, next slide, or last slide. If you save the presentation as a PowerPoint 97-2003 file (to share with some unenlightened soul who hasn't upgraded), these hyperlinks may not work. There is no fix or workaround yet.

Today's BugBlog Plus has five more bugs and fixes for Apple, Google, Microsoft and Novell.

11/20/2006 Worm Infects Second Life (Is it Snow Crash?)

The virtual world Second Life was attacked by a worm that created shiny gold rings that showed up on the imaginary landscape. If the Second Life users' avatars touched the rings, they would replicate. Enough people did, and the Second Life servers bogged down until they were cleaned up by system administrators. Read about it at Slashdot at http://it.slashdot.org/article.pl?sid=06/11/20/0218221 or at the Second Life blog at http://blog.secondlife.com/2006/11/19/grey-goo-on-grid/. No word on whether this worm is being called Snow CrashAmazon. (I've never been to Second Life, myself; my First Life is challenging enough.)

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM and Microsoft.

11/17/2006 Google Calendar Import Problems

Try to import events into your Google Calendar from a large iCal or a CSV file, and you may get a 500 error message. Google says that if this happens, wait for up to ten minutes with your browser window open. After that, close your browser and start up a new browser session. Go to Google Calendar and see if your events made it in. If not, they suggest trying to import a smaller range of events. See http://www.google.com/support/calendar/bin/answer.py?answer=37825&topic=8566 for more links on how to import your events.

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM and Microsoft

11/16/2006 Apple Archive May Mean Adobe Activation Again?

According to Apple, if you do an Archive and Install of a Mac OS X 10.4 computer, and you have Adobe software installed, you might have to re-activate the software. To find the various ways that activation of Adobe software might screw you up, see http://www.adobe.com/support/techdocs/331418.html.

11/15/2006 Adobe Has Another Flash Update

Adobe has an updated Flash Player 9.0.28.0 that patches a security bug that affects Flash Player 7.x, 8.x, and 9.x. The bug lets remote attackers modify HTTP headers which could then lead to HTTP Request Splitting attacks. Users of Flash Player 7-9 should get the latest player at http://www.adobe.com/go/getflashplayer. Note that Microsoft also issued a security bulletin on the same day about Flash Player -- but this bulletin was about a bug in Flash Player 6, a bug fixed by Adobe two months earlier.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and WinZip.

11/14/2006 Microsoft Patches Critical Agent Bug

Microsoft says that their Microsoft Agent software technology has a critical bug that may allow a hostile website to completely control your computer. To fall victim, you would need to visit a website that links to a malicious .ACF file. This is a Critical bug for Windows 2000 and Windows XP, and a Moderate bug for Windows Server 2003. There is information on a temporary workaround, plus links to a permanent fix, at http://www.microsoft.com/technet/security/Bulletin/MS06-068.mspx. If you really aren't that familiar with Microsoft Agent (I wasn't) you can learn about it at http://www.microsoft.com/msagent/default.asp.

Today's BugBlog Plus has five more bugs and fixes from Microsoft's Patch Tuesday.

11/13/2006 Cisco Secure Desktop is Insecure

Cisco says their Cisco Secure Desktop (CSD) 3.1.1.33 and earlier software has three bugs that lessen security. One bug may leave information from an Internet browsing session using SSL VPN (Secure Socket Layer on a Virtual Private Network) on a computer after the session ends. Another bug will let users leave the Secure Desktop when they shouldn't, and then third lets local users gain extra privileges. Cisco has fix information at http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, MySpace and Novell.

11/11/2007 Here Comes Patch Tuesday

November 14 is Patch Tuesday for Microsoft. According to their advance notification, they will be patching the critical bug in XML Core Services. They also have five other patches for Windows, at least one of which will be a critical update. There will also be two non-security high-priority updates that will be released via Microsoft Update.

11/10/2007 Less Importing in Office 2007

Microsoft eliminated a number of file import filters for some really old file formats. According to Microsoft, Excel 2007 won't be able to open or save in these formats: WK1 (1-2-3), WK4 (1-2-3), WJ3 (1-2-3 Japanese) (.wj3), WKS (1-2-3) WK3 (1-2-3), WK1,FMT(1-2-3), WJ2 (1-2-3 Japanese) (.wj2), WJ3, FJ3 (1-2-3 Japanese), DBF 2 (dBASE II), WQ1 (Quattro Pro/DOS), WK3,FM3(1-2-3), Microsoft Excel Chart (.xlc), WK1,ALL(1-2-3), WJ1 (1-2-3 Japanese) (.wj1) WKS (Works Japanese) (.wks). Chances are, if you've been plugging away on a DOS version of Lotus 1-2-3, I guess you aren't the type of computer user contemplating a jump to Office 2007.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Google, Microsoft, and Mozilla.

11/9/2006 About All Those Emails

Overnight, I got emails from Darren, Rickie, Aron, Malinda, Carmen, Rita, Erin, Belinda, Hilary, Young, Odell, Tammie, Logan, Carlos, Addie, Maribel, Zachary, and Tristan. (What, no Isolde?). They all come with the subject line of "It's [name] :)" and they talk about a hot stock that's certain to zoom up in price. There are no links in the email, so it's not a phishing attack, and there's no attachment. There's often a couple of lines of wire-service news copy at the bottom, to throw off the spam filters. This is just an old-fashioned stock tip scam, often referred to as a "pump and dump". People think they've received a hot tip, they buy the stock, pumping up its price. The scamsters, who bought the stock for pennies, dump it when the price goes up. Lucky me -- I got a tip on seventeen different hot stocks last night.

11/8/2006 Mozilla Patches Digital Signature Bug

There is a bug in the way that Mozilla Firefox, Thunderbird, and SeaMonkey handle RSA digital signatures. If the signatures use a low exponent, they could be forged. Mozilla fixed this in Firefox 2, but the fix was incomplete in Firefox 1.5.0.7. They have come out with a bug fix release, Firefox and Thunderbird version 1.5.0.8, and SeaMonkey 1.0.6, to take care of this and a few other bugs. Mozilla credits Ulrich Kuehn for finding this bug.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Cisco, IBM, Microsoft, Mozilla, and NVIDIA.

11/7/2006 WordPress 2.0.5 Squashes Over 50 Bugs

If you are a WordPress blogger, it's time to upgrade. WordPress has released WordPress 2.0.5, which has around 50 bug fixes. Some of the fixes tighten security, including in the wp-db-backup plug-in. You can get the upgrade at http://wordpress.org/download/.

Today's BugBlog Plus has six more bugs and fixes for Apple, Microsoft, NVIDIA and Red Hat.

11/6/2006 Review: Mozilla Firefox 2.0

After a few months off, reviews are back at the BugBlog. Here's a first look at Mozilla Firefox. 2.0

11/6/2006 Bug in Microsoft XML ActiveX Control

Microsoft has issued a Security Advisory about a bug in the XMLHTTP 4.0 ActiveX Control. This control is part of Microsoft XML Core Services 4.0 on Windows, which should be present on Windows 2000, Windows XP, and Windows Server 2003 computers, even if the users don't know it. However, Windows Server 2003 users running with Enhanced Security Configuration on will not be vulnerable. An attack could be mounted if you browse to a maliciously designed page, resulting in hostile code running on your computer. Microsoft is working on a patch which will be coming in a future Patch Tuesday. Read the details at http://www.microsoft.com/technet/security/advisory/927892.mspx.

Today's BugBlog Plus has six more bugs and fixes for Apple, Microsoft, Mozilla and Wikipedia.

11/3/2006 Firmware Update for MacBook's Random Shutdown Syndrome

There is a new SMC firmware update for Apple MacBooks running Mac OS X 10.4.7 and 10.4.8. This update is supposed to improve stability and also cure unexpected shutdowns, what outsiders (but not Apple) refers to as "random shutdown syndrome." Get the update at http://www.apple.com/support/downloads/macbooksmcfirmwareupdate11.html.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, Mozilla and Sun Microsystems.

11/2/2006 Microsoft ActiveX Bug Wins the Bug of the Month

The bug, part of Microsoft's huge Patch Tuesday security release, wins the prize.

11/2/2006 IE7 Causes Problems for McAfee Update

McAfee reports that after you upgrade to Microsoft Internet Explorer 7, you will have problems updating McAfee Consumer 2006 products. By their count, you will see nine different yellow Information Bar warnings before you will be able to update their products. If you need help, McAfee has a 25 step workaround listed at http://ts.mcafeehelp.com/faq3.asp?docid=410052.

11/1/2006 Windows XP Repair Plays Havoc with IE 7

Once you have installed Microsoft Internet Explorer 7, you must take special precautions before you do a Windows XP repair installation. If you don't, you will break Internet Explorer. (Probably because the repair installation will write a whole bunch of older IE 6 DLL files.) Microsoft says you must uninstall IE 7 before doing the repair installation -- assuming your computer is functioning well enough for that. After the repair, you can reinstall IE 7. Read the details from Microsoft at http://support.microsoft.com/kb/917964/.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, Mozilla and Novell.

10/31/2006 Xbox 360 May Not Like Windows Media Player 11

If you first install Microsoft Windows Media Player 11 on a Windows XP computer, and then you try to authorize your Microsoft Xbox 360 to use it with Windows Media Connect, you may get an error message and the authorization won't take place. Microsoft has a workaround for this listed at
http://www.microsoft.com/windows/windowsmedia/player/11/readme.aspx
#ErrorwhensettingupXbox360softwareafter
WindowsMedi

Today's BugBlog Plus has eight more bugs and fixes for Apple, IBM, Microsoft, Mozilla and Sophos.

Google
 
Web www.bjkresearch.com

 

Copyright 2003-2007 BJK Research LLC

other stuff