BJK Research

The BugBlog

The BugBlog is a daily look at computer bugs, incompatibilities, and other things that can go wrong with your computer.

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All of the current month's bugs are here. Use the links on the left to jump back to past months, or use the search form. XML

7/31/2007 Firefox Fixes URI Handling Bug

Mozilla Firefox may pass off arguments to other applications without properly encoding spaces and double quotes in URIs. Attackers may be able to exploit this to run hostile code. This is fixed in Mozilla 2.0.0.6, and there is also workaround information at http://www.mozilla.org/security/announce/2007/mfsa2007-27.html, Mozilla credits Jesper Johansson, Billy Rios and Nate McFeters with research on this problem, along with Secunia.

7/28/2007 Windows Vista Special Report Updated

The Windows Vista Special Report has been updated with all the BugBlog Vista items from February through July. BugBlog Plus items will be added later.

7/27/2007 Windows XP Drivers May Affect iPhone

A problem with the digital signing of some Windows XP drivers may interfere with Apple iTunes for Windows ability to connect with your iPhone or iPod. Instead, you will see this error message:
iTunes might be unable to launch or communicate with iPod or iPhone. For help repairing your operating system, click More Information.
Apple has information on how to create a batch file that will fix this at http://docs.info.apple.com/article.html?artnum=305999.

7/18/2007 Mozilla Guards Against an IE Flaw

According to Mozilla, there is a bug in the way that Microsoft Internet Explorer calls registered URL protocols. If you browse a malicious webpage with IE, it could start Mozilla Fifefox and pass the bad data on to the other browser. This may allow an attacker to run hostile code on your computer. The Fifefox 2.0.0.5 update will plug this hole on the Firefox side, but does not fix the original bug in IE. See http://www.mozilla.org/security/announce/2007/mfsa2007-23.html for the details.

7/12/2007 Symantec Backup Exec Bug

There is a bug in Symantec Backup Exec for Windows Servers 10.x and 11 that may allow remote attackers to launch denial of service attacks that turn off the backup service. They may also be able to exploit the bug to run hostile code on the server. Symantec has a hotfix for this at http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11a.html. They credit iDefense with finding this bug. See their explanation at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=553.

7/10/2007 Microsoft Patches .NET Bugs

A number of bugs in the Microsoft .NET Framework 1.x and 2.0 may allow critical attacks against Windows 2000 and Windows XP computers, with less severe attacks possible against Windows Server 2003 and Windows Vista. Remote attackers may be able to exploit these bugs to run their code on the victim's computers. Microsoft has links to the patches at http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx. Microsoft credits Dinis Cruz of OWASP, Paul Craig of Security Assessment, Jeroen Frijters of Sumatra and Ferruh T. Mavituna of Portcullis Computer Security Ltd. for finding these bugs.

7/9/2007 Windows ReadyBoost Leaks Memory

There is a memory leak in the Windows ReadyBoost driver for Windows Vista. ReadyBoost is a way to use flash memory to boost Vista's performance, and according to Microsoft, you may not even know if it is running. In some hardware configurations, it leaks memory which may lead to this error message:
STOP: 0x0000006F (parameter1, parameter2, parameter3, parameter4) SESSION3_INITIALIZATION_FAILED.
Microsoft also said there could be other problems that could generate this error message, other than the memory leak. They do have a hotfix for it. Either wait for the service pack, or see http://support.microsoft.com/kb/939008/ on how to get it earlier.

7/7/2007 Patch Tuesday is Coming

This Tuesday is Patch Tuesday, and in honor of the occasion Microsoft is giving us six presents. Three of them are Critical level security patches, covering Office, Excel, Windows, and the .NET framework. Two are important, for Office, Publisher, and Windows XP. There's one Moderate security bulletin for Windows Vista. Stay tuned for the details on Tuesday afternoon.

7/6/2007 What Kills Hard Drives?

One of the worst things that can happen to your computer is hard drive failure. What can contribute to drive failure? At ZD Net's Storage Bits blog, there is an article called "Disk Drive Life Depends On...Luck", which is either encouraging or discouraging, depending on your point of view. Read it at http://blogs.zdnet.com/storage/?p=156.

7/5/2007 Mac Audio Update

If you've updated to Mac OS X 10.4.10 on an Intel-based Mac, you may hear some audio distortion from external speakers. Apple describes it as "popping". They have an Audio Update 2007-001 that is supposed to fix it. Read more about it at http://docs.info.apple.com/article.html?artnum=305840.

7/3/2007 Outlook Improves Its Presence

Microsoft has a hotfix for Outlook 2007 that fixes a number of Presence bugs. Presence requests from Office applications to presence applications should now work correctly; if a number of presence icons appear, they should no longer flicker; and they should show the correct information. See http://support.microsoft.com/kb/936864/ for information on how to get the fix.

7/2/2007 Adobe Programs Don't Like Realtek

Try to start up Adobe After Effects, Audition, Encore DVD, Photoshop, Premiere Elements, Premiere Pro, or Soundbooth on a Windows XP computer with a Realtek High Definition Audio integrated sound card, and you may get a system crash with this error message:
"Stop: 0X000000C5" or "Stop: 0x0000008E"
To fix this, Adobe says you need an updated driver from Realtek. Get version 1.33 at http://www.realtek.com.tw.

7/1/2007 Major Update for Mozilla 1.5 Users

Mozilla will not be updated the Firefox 1.5 browser line in the future. To help users make the jump up to Firefox 2.0.0.4, there is a new migration tool called Major Update for Firefox 1.5 to 2.0. They talked about it in early June at http://developer.mozilla.org/devnews/index.php/2007/06/06/rollout-of-major-update-for-firefox-15-to-20/, and it's been offered since June 28 for people ready to make the jump into the future.

6/28/2007 Apple Patches Cross-Site Scripting Bug

A bug in the WebCore for Apple Mac OS X 10.3.9 and 10.4.9 may allow a website to launch a cross-site scripting attack, tricking you into revealing personal data to the wrong website. Apple has fixed this in the 2007-006 Security Update. Read more about it at http://docs.info.apple.com/article.html?artnum=305759. Apple credits Richard Moore of Westpoint Ltd.for finding this bug.

 

Google
 
Web www.bjkresearch.com

 

 

 

 

Copyright 2003-2007 BJK Research LLC

 

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Amazon Honor System Click Here to Pay Learn More

BugBlog archives:

May 07
April 07
March 07
Vista Special Report
February 07
January 2007
December 06
November 06
October 06
September 06
August 06
July 06
June 06
May 06
April 06
March 06
February 06
January 06

See the Site Map for BugBlog archives back to 2002