BJK Research

The BugBlog

The BugBlog is a daily look at computer bugs, incompatibilities, and other things that can go wrong with your computer.

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All of the current month's bugs are here. Use the links on the left to jump back to past months, or use the search form. XML

3/30/2007 The Attack of the Windows Animated Cursors

There is a bug in Microsoft Windows animated cursors. Hostile websites may be able to exploit this bug to load hostile code on your computer. Just about every version of Windows is vulnerable, including Vista, Windows Server 2003, Windows XP, and Windows 2000. At this point, there is no fix yet from Microsoft, although they have issued a security advisory at http://www.microsoft.com/technet/security/advisory/935423.mspx. A story at Computerworld says you may be safe if you use Mozilla Firefox. Read the whole thing at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9015079

3/29/2007 New Diagnostic Windows XP Tool

A tip at the Internet Storm Center points to what appears to be an interesting tool from Microsoft called the Change analysis Diagnostics tool for Windows XP. By querying System Restore points, this tool will point out what changes have been made in software programs, operating system components including hotfixes, browser helper objects, drivers, ActiveX controls, auto-start extensibility points, and startup objects. Download the tool, and find out more about it, at http://support.microsoft.com/?kbid=924732.

3/28/2007 IE Threat Details Published

If you didn't install the cumulative update for Microsoft Internet Explorer that was released in February (and in the 2/13 BugBlog Plus), now may be a good time to do so. Code that exploits the bug has been published at the Milw0rm.com website. This may make it even easier for people to take advantage of the bug. You can get this patch at http://www.microsoft.com/technet/security/bulletin/ms07-016.mspx.

Today's BugBlog Plus has ten more bugs and fixes for Apple, IBM, Microsoft, Novell, and Websense.

3/27/2007 Coping With A Damaged Disk Image

According to Apple, the Mac OS X 10.4.9 update does a better job at detecting damaged or corrupted disk images. That means there is a great chance of seeing this error message when you try to open an image that's been damaged, either accidently or on purpose: The disk image you are opening may be damaged and could damage your system. Are you sure you want to open this disk image? Apple has some troubleshooting steps you can take to try to fix things at http://docs.info.apple.com/article.html?artnum=305111.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Microsoft, and Sun Microsystems.

3/26/2007 Hijacking Windows Network Traffic

A demonstartion at the ShmooCon hackers conference showed a way to exploit a bug within the way Web Proxy Autodiscovery Protocol (WPAD) works on a Windows network using the Windows Internet Naming Service, or WINS. It may be able to hijack network traffic and divert users to other sites. A news story with more details is up at http://news.zdnet.com/2100-1009_22-6170229.html. Microsoft posted a Knowledge Base article with a configuration workaround at http://support.microsoft.com/kb/934864 in response.

3/24/2007 ActiveX Overflow in DVD Software

US-CERT reports that there are a number of ActiveX controls in the InterActual Player DVD application that have stack buffer overflows. If you are browsing the Web using Microsoft Internet Explorer, a maliciously-designed webpage may exploit this to run code on the target system. The only fix for now is to disable the InterActual SyscheckObject ActiveX control in Internet Explorer. See http://www.kb.cert.org/vuls/id/922969 for details.

Today's BugBlog Plus has five more bugs and fixes for Apple, Interactual and Microsoft.

3/23/2007 Trojan Targetng Skype Users

Skype users have to be cautious of a chat message with a link that says "Check up this". It is probably the Warezov Trojan horse, which will infect your computer, download some additional files, and then sending out the message to your contacts. In fact, the original message to you may have been triggered by one of your infected contacts. Round up the usual precautions - use anti-virus, and don't click on links you aren't sure about. (Personally, I'd dump IM, too, but that's just me.) Read more at http://news.zdnet.com/2100-1009_22-6169973.html.

 

3/22/2007 Retreating From Vista

Giving up on Windows Vista? Microsoft has posted detailed instructions on how, if you upgraded your computer to Windows Vista, you can revert back to your old operating system. Some of the success depends on how you upgraded to Vista in the first place. Read the long article at http://support.microsoft.com/kb/933168 to see what is involved.

3/21/2007 Firefox Fixes FTP Bug

Mozilla says that the way the Firefox browser handles the FTP protocol may allow a malicious website or FTP server to do a port scan of the victim's computer. This port scan may disclose information that could be used in a later attack against the computer, although the scan itself does no damage. This bug has been fixed in Firefox 2.0.0.3 and Firefox 1.5.0.11. Get your update at http://www.mozilla.com or via the Help, Check for Updates command on the browser.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, Microsoft and Mozilla.

3/20/2007 One Insider's View of OneCare

Microsoft's European business security product manager (or possibly now the ex-manager) told ZDNet in an interview last week that Microsoft Windows Live OneCare shipped too early. Because of that, it shipped with some pieces missing and that it is "far from perfect." You can read the whole thing at http://news.zdnet.co.uk/security/0,1000000189,39286351,00.htm?r=1. See the 3/9 BugBlog for an example of a OneCare bug.

Today's BugBlog Plus has five more bugs and fixes for Apple, Google, McAfee, Microsoft and OpenBSD.

3/19/2007 Identity Theft a Rising Online Business

According to the latest Symantec Internet Security Report, stolen identities are becoming a commodity. For $14, you may be able to buy an identity online that includes bank account numbers, credit cards, and a Social Security number. Read more from Symantec at http://www.symantec.com/enterprise/security_response/weblog/2007/03/internet_security_threat_repor.html

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, and Microsoft.

3/18/2007 Episode 4: Can a PC Guy Become a Mac Guy?

A hardware review of the MacBook

3/17/2007 Apple Fixes Incompatibilities with Mac OS X 10.4.9

Apple says that the Mac OS X 10.4.9 update fixes a number of incompatibilities with third-party applications. It fixes problems with apps that use Rosetta, including LEGO StarWars, Adobe InDesign, H&R Block TaxCut, and Big Business' Big Business 5.1.0. It also fixes a bug with the Adobe Arno Pro Italics font, and some problems with Microsoft OpenType Fonts in Word 2004.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, and Microsoft.

3/15/2007 AV Bugs in Windows Vista

Microsoft says that there are incompatibilities between unspecified USB audio devices and USB audio TV tuners on Windows Vista computers. They won't work if you try to use them. Microsoft has a hotfix for this, so if you have one of these audio devices or TV tuners giving you trouble, see http://support.microsoft.com/kb/933262 about getting the hotfix.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, Microsoft, and Trend Micro.

3/14/2007 Disk Images Bugs in Mac OS X

There are a number of bugs in the Mac OS X 10.3.9 and 10.4.x Disk Images application. A number of these bugs can be exploited to either crash the application or run hostile code on the Mac. These have been fixed in Mac OS X 10.4.9 and Security Update 2007-003.The updates are available through Apple's Software Update. Some of these bugs were first reported on the Month of Apple Bugs website.

3/11/2007 Too Many Cookie Jars for Outlook 2007

If you publish a calendar in Microsoft Office Outlook 2007, it may stop updating. When publishing it, you may also get an error message:
Access to the resource was denied. If you have signed in to and saved your Windows Live ID with a Web site, sign out of that Web site, and then try this operation again.
Microsoft says that you won't have any success signing out at that page, because it won't recognize you as signing in. The problem is that Internet Explorer stores cookies in two different locations. Windows Live may be looking for its cookie in one place, and won't know enough to look at the other. Microsoft has some workarounds at http://support.microsoft.com/kb/932751.

The BugBlog is going on the road -- and may not update for a few days.

3/10/2007 Patch Tuesday is Patchless

Microsoft has announced that they will be releasing no security bulletins for the March Patch Tuesday. It's not that there are no security bugs left, they just haven't finished the patches yet. The Internet Storm Center maintains a list of unpatched security problems in Microsoft software at http://isc.sans.org/diary.html?storyid=1940.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Novell.

3/9/2007 Windows Live OneCare Views Outlook As A Threat

According to discussions in a Microsoft forum, and in news reports, it appears that Microsoft Windows Live OneCare thinks that Microsoft Outlook and Outlook Express data files may be malware, and quarantines them. Older versions of Outlook, including Outlook 97 and 2000, seem to be targets, as well as Outlook Express. See https://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=1307595&SiteID=2 for some of the horror stories.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, Novell and Palm.

3/8/2007 iTunes 7.1 and Vista

Apple iTunes 7.1 for Windows clears up some, but not all, of the incompatibilities with Microsoft Windows Vista. According to Apple, when using iTunes 7.1 and with your iPod connected to the Vista computer, you don't want to use the "Safely Remove Hardware" feature in your System Tray. You may end up with a corrupted iPod. If that happens, reconnect it to the computer, and in iTunes go to the iPod panel and click Restore. Then, only disconnect the iPod using the Eject button within iTunes.

Today's BugBlog Plus has five more bugs and fixes for Cisco, Microsoft, and Symantec.

3/7/2007 Graphics Driver Problem in Windows Vista

There is an incompatibility between some integrated video cards and Microsoft Windows Media Player 11 on a Windows Vista computer. The incompatibility is in the drivers that come with these two integrated graphics chipsets: Intel 82865G Graphics Controller (Microsoft Corporation - XDDM), and Intel 82915G/GV/910GL Express Chipset Family (Microsoft Corporation - XDDM). They might cause a vertical bar or band to appear in the middle of the playback window. This line may be discolored blue or green. The drivers in question have a 8/1/06 date. At this time, there is no fix so you'll probably need to wait for a driver update. Keep an eye on http://support.microsoft.com/kb/933708 for news.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, Citrix, Ipswitch and Microsoft.

3/6/2007 Apple Patches QuickTime

Apple has issued a security patch for QuickTime for both Mac OS X 10.3.9 and later, and Windows Vista/XP/2000. This patch takes care of two different bugs that may allow malicious content to sneak into your computer via Quicktime movies. One bug is a heap buffer overflow, and the other is an integer overflow. Get the QuickTime 7.1.5 update for Windows at http://www.apple.com/quicktime/download/win.html. Mac users can use Software Update. Apple credits Mike Price of McAfee AVERT Labs, Piotr Bania, and Artur Ogloza for finding the first bug, and Sowhat of Nevis Labs, and an anonymous researcher working with TippingPoint and the Zero Day Initiative for finding the second.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Microsoft and Red Hat.

3/5/2007 WordPress Update Gets Infected

It appears an outside attacker managed to add hostile code to WordPress 2.1.1 on the WordPress servers. While not everyone who installed WordPress 2.1.1 may be affected, WordPress is urging all its customers to upgrade to version 2.1.2 right away. You may also want to change passwords, too, if you use WordPress. See more at http://wordpress.org/development/2007/03/upgrade-212/.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, and Microsoft.

3/3/2007 US Congress Gets the Bug of the Month

It's not Y2K all over again, but it does mean its Patch Time.

3/3/2007 Adobe Acrobat and Reader Allows Info Theft

SecurityFocus has word or a bug in Adobe Acrobat and Adobe Reader 7.0.9 and earlier. This bug may allow attackers to get the contents of files on the victim's computer. This stolen information may then be used in other attacks. There does not seem to be any official word from Adobe. SecurityFocus credits pdp with finding this bug. Watch for an update at http://www.securityfocus.com/bid/22753.

Today's BugBlog Plus has five more bugs and fixes for Apple, Lenovo, Microsoft, and Mozilla.

3/2/2007 Bad ActiveX Control Supplied By Third Parties

US-CERT reports that an ActiveX control, that many organizations use for remote support, has a number of buffer overflows that a remote attacker can use to run their hostile code on your computer. The control is called the SupportSoft ActiveX control, but most people will have gotten it from a third party, such as an ISP, computer vendor, or bank, to help with remote technical support. There are a list of files, includeing tgctlsi.dll and tgctlins.dll, that you need to search for to see if you have this control. The full list of bad files is at http://www.kb.cert.org/vuls/id/441785. This page also has a list of third-parties who may have used this, including Bank of America, BellSouth, BT, Comcast, and Symantec. You will need to get updates from whoever supplied the controls to you.

3/1/2007 Word 2007 Crashes on Old List

Microsoft says that Word 2007 does not like really old lists. How old? If you are trying to modify a list in a document originally created in Microsoft Word for Windows 6 (that's old) you may crash Word 2007. The problem comes if the old list was first modified in some other version of Word, and then in Word 2007 you try to Define New Multilevel List. Word will crash with this error signature: Winword.exe 12.0.4017.1006 Wwlib.dll 12.0.4017.1006 008da991. Microsoft has a workaround for this at http://support.microsoft.com/kb/926955.

2/28/2007 McAfee Virex 7.7 Bug

McAfee says that Virex 7.7 for Mac OS X has a bug in the way that default permissions are set. This may allow local authenticated users to launch an attack. If you are running Virex 7.7 on your own Mac, you probably don't need to worry, since you probably aren't going to attack yourself. However, if you are administering a network that uses this software, you should go to https://knowledge.mcafee.com/article/283/518722_f.SAL_Public.html for update information for Virex 7.7 Patch 1.

Today's BugBlog Plus has ten more bugs and fixes for AOL, Apple, Microsoft, Mozilla, Opera and Symantec.

2/28/2007 Episode 3 - Can a PC Guy Become a Mac Guy?

The MacBook is finally here.

 

 

Google
 
Web www.bjkresearch.com

 

 

 

 

Copyright 2003-2007 BJK Research LLC

 

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Amazon Honor System Click Here to Pay Learn More

BugBlog archives:

May 07
April 07
March 07
Vista Special Report
February 07
January 2007
December 06
November 06
October 06
September 06
August 06
July 06
June 06
May 06
April 06
March 06
February 06
January 06

See the Site Map for BugBlog archives back to 2002