$B%;%-%e%j%F%#%[!<%k(B memo - 2005.07

Last modified: Tue Apr 10 17:43:26 2007 +0900 (JST)

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B"#(B 2005.07.29

$B"#(B Advisory: Sophos buffer overflow vulnerability
(Sophos, 2005.07.27)

$B!!$$$/$D$+$NHG$N(B Sophos AntiVirus $B$K(B buffer overflow $B$9$k7g4Y$,B8:_$9$k$=$&$G!#(B $B>\:Y$OITL@!#(B Sophos AntiVirus 3.96.0 ($B8x3+:Q(B) $B$*$h$S(B 4.5.4 ($B$^$@$_$?$$(B) $B$G$O=$@5$5$l$F$$$k$=$&$@!#(B

$B!!(B5.0.x $B7O$O(B?

2005.08.30 $BDI5-(B:

$B!!(BAdvisory: Sophos Anti-Virus Library Remote Heap Overflow (Sophos) $B$N:G?799?7$O(B 2005.08.26$B!#(BSophos Anti-Virus for Mac OS 8/9 $B$,(B 3.9.7 $B0J9_$G=$@5$5$l!"A4$F$N(B OS $BHG$G$N=$@5$,40N;$5$l$?$h$&$G$9!#(B5.0.x $B7O$O(B 5.0.5 $B0J9_$G=$@5$5$l$F$$$^$9!#(B

$B"#(B 2005.07.28

$B"#(B 2005.07.27

$B"#(B Y.SAK Scripts Have Input Validation Holes That Let Remote Users Execute Arbitrary Commands
(securitytracker, 2005.07.17)

$B!!(BSAK Streets $B$G8x3+$5$l$F$$$?(B CGI $B%9%/%j%W%H(B $B$N$$$/$D$+$K$D$$$F!"0JA0$NHG$K7g4Y$,$"$j!"(Bremote $B$+$i(B OS $B>e$NG$0U$N%7%'%k%3%^%s%I$r$B8=:_8x3+$,Dd;_$5$l!"1?MQCf;_$,8F$S$+$1$i$l$F$$$k(B$B!#(B $B$J$+$N$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!$0$0$k$H!"$3$N7o$N(B exploit $B$H$*$\$7$-$b$N$bH/8+$G$-$F$7$^$$$^$9$M!D!D!#(B $B%/!<%k7G<(HD$J$I(B w_s3*.cgi $B$N1?MQ

$B"#(B IDN-enabled TLDs
(mozilla.org)

$B!!(BMozilla $B%W%m%8%'%/%H$K$*$$$F(B IDN ($B9q:]2=%I%a%$%sL>(B) $B$,M-8z$K$5$l$k(B TLD $B$N%j%9%H!#(B $B$b$A$m$s(B .jp $B$b4^$^$l$F$$$^$9!#(B $B5U$K8@$&$H!"$3$3$K4^$^$l$F$$$J$$(B TLD $B$G$O(B IDN $B$O4m81$9$.$FM-8z$K$G$-$J$$!"$H!#(B

$B"#(B $B!V9qFb%f!<%6!<$N(B40$B?M$K(B1$B?M$,%\%C%H$K46@w!W!=!=(BTelecom-ISAC$B$J$I$,D4::(B
($BF|7P(B IT Pro, 2005.07.27)

4$B7n(B1$BF|$+$i(B5$B7n(B12$BF|$^$G(B ($BCfN,(B) $B$KJa3M$7$?%W%m%0%i%`$N$&$A!$%\%C%H$H$7$F$N5sF0$,3NG'$5$l$?$N$O!$(B3$BK|(B1846$B7o!J(B3705$B.;3;a!K(B

$B!!B?$$$H$OJ9$$$F$$$^$7$?$,!"$=$l$[$I$H$O!#(B $BFC$K!"8!=P$G$-$J$$(B bot $B$N?t!D!D!#(B

$B%\%C%H$,Aw?.$9$k%H%i%U%#%C%/$O!$(B1$BBf!J(B1IP$B%"%I%l%9!K$"$?$j(B0.3k$B%S%C%H!?ICDxEY!#$3$N$?$a!$9qFb$N(BISP$B%f!<%6!<$N(B2$B!A(B2.5$B!s$,46@w$7$F$$$k$H$9$k$H!$A4%]%C%H$,@j$a$kBS0h$O(B10G$B%S%C%H!?IC$KAjEv$9$k$H$$$&!#(B

$B!!$U$D$&$N4k6H$J$i!"(B1/100 $B$K967b$5$l$?$@$1$G$b%D%V$5$l$k$h$M$(!#(B $B$$$d$O$d!#(B

$B"#(B 2005.07.26

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B $BDI5-(B

HTTP Request Smuggling

$B!!(B[SA14530] Apache HTTP Request Smuggling Vulnerability (secunia)$B!#(BApache 2.0.55 $B$G=$@5$5$l$kM=Dj$@$=$&$G$9!#(B

$BHkJ8$H(BSymantec AntiVirus$B!"F10l(BPC$B$K%$%s%9%H!<%k$9$k$H0E9f%U%!%$%kGK2u$N$*$=$l(B

$B!!%7%^%s%F%C%/$+$i2sHr%D!<%k$,8x3+$5$l$^$7$?(B: $BHkJ8$G0E9f2=$7$?%U%!%$%k$r3+$1$J$$(B ($B%7%^%s%F%C%/(B)$B!#(B

$B0J2<$N%3%^%s%I$r * SAVCE $B%/%i%$%"%s%H$N>l9g(B:
C:\Program Files\Symantec AntiVirus\SAVRTICFG.exe ICFG:OpenScanningMode 0
* SCS $B%/%i%$%"%s%H$N>l9g(B:
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRTICFG.exe ICFG:OpenScanningMode 0

$B!!$J$s$@$+(B SAVCE $B$d(B SCS $B$N5!G=$N0lIt$rL58z2=$7$F$$$k46$8$G$9$M!D!D!#(B SAVRTICFG.exe $B$r;H$&$H!"$b$C$H$$$m$$$m@_Dj$G$-$k$N$+$J$"!#(B

$B"#(B 2005.07.25

$B"#(B [Full-disclosure] ClamAV Multiple Rem0te Buffer Overflows
(Full-disclosure ML, Mon, 25 Jul 2005 22:29:28 +0900)

$B!!(BClamAV 0.86.1 $B0JA0$KJ#?t$N7g4Y!#(B TNEF, CHM, FSG $B%U%!%$%k$N8!>Z$K$*$$$F(B integer overflow $B$9$k7g4Y$,$"$j!"96N,%U%!%$%k$K$h$jG$0U$N%3!<%I$r

$B!!(BClamAV 0.86.2 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B 2005.07.24

$B"#(B $BDI5-(B

IBM ThinkPad X41 $B$,30It$+$iC/$G$b%7%c%C%H%@%&%s$G$-$k;EMM$K$D$$$F(B

$B!!$3$l$r%M%?$K$7$F(B $B@H (japan.zdnet.com) $B$H$$$&5-;v$,=q$+$l$F$$$k$C$]$$!#(B $B$=$NFbMF$K$D$$$F$O(B $B6K3Z$;$-$e$"F|5-(B $B$d(B Lucrezia Borgia $B$N(B Room Cantarella $B$G$D$C$3$^$l$F$$$k$,!"(B $B$=$l0JA0$NLdBj$H$7$F!"CxyFs;a$O!"(B $B$J$$B;EMM(B$B$K$D$$$F!W$H$7$F$$$k$N$+$r9M$($k$Y$-$@$C$?$N$G$O!"$H;W$&!#(B

$B"#(B $B7Y;!D#$N;X<($,%9%Q%$%&%'%"46@w$r>7$-6bM;Ho32$r$b$?$i$7$F$$$k2DG=@-(B
($B9bLZ9@8w!w<+Bp$NF|5-(B, 2005.07.22)

$B!!$^$:$O0lFI$r!#$$$d$O$d!#(B

$B!!(BZoomSight (hitachi.co.jp) $B$O(B 2004 $BG/EY%0%C%I%G%6%$%s>^$r^(B$B$7$F$$$k$N$@$=$&$G!#(B $B$G!"(B $BF|N)<+?H$K$h$k%G%b%5%$%H(B$B$,MQ0U$5$l$F$$$k$N$G$9$,!"(B $B$=$3$+$i$?$I$l$k(B ZoomSight $B@bL@%Z!<%8(B$B$G$b(B

$BF0:n>r7o(B
($BCfN,(B)
* $B$*;H$$$N%V%i%&%6$N@_Dj$,!"=pL>IU$-(BActiveX$B$N

$B$H$5$l$F$7$^$C$F$$$^$9$M!#F0:n>r7o$H$7$F;XDj$7$^$9$+$=$&$G$9$+!D!D!#(B SIer $B$H$$$&$h$j$O3+H/85$NLdBj$_$?$$$G$9$M$(!#$b$C$H$b!"$=$l$K5?Ld$r46$8$J$$(B SIer $B$bLdBj$J$N$@$m$&$1$I!#(B

2005.08.04 $BDI5-(B:

$B!!;w$?$h$&$J;X<($OB>$K$b$$$m$$$m$"$k$N$@$=$&$G(B:

$B"#(B 2005.07.23

$B"#(B [Full-disclosure] Compromising pictures of Microsoft Internet Explorer!
(Full-disclosure ML, Sat, 16 Jul 2005 00:37:17 +0900)

$B!!(BInternet Explorer $B$K$*$1$k(B JPEG $B%U%!%$%k$Nl9g$K$h$C$F$OG$0U$N%3!<%I$N$B%5%s%W%k(B JPEG $B%U%!%$%k(B$B$r

$B!!(B IE 6.0 SP2 Firefox 1.0.6
mov_fencepost.jpg $B%/%i%C%7%e(B $BLdBj$J$7(B[1]
cmp_fencepost.jpg $B%/%i%C%7%e(B $BLdBj$J$7(B[1]
oom_dos.jpg $BLdBj$J$7(B[2] $BLdBj$J$7(B[3]
random.jpg $BLdBj$J$7(B[2] $BLdBj$J$7(B[3]

$BCp

  1. $B2?$bI=<($5$l$J$$(B
  2. $B3HBg!&=L>.%"%$%3%s$,I=<($5$l$?$j$5$l$J$+$C$?$j$9$k(B
  3. The image $B!H(Bhttp://lcamtuf.coredump.cx/crash/oom_dos.jpg$B!I(B cannot be displayed, because it contains errors $B$N$h$&$KI=<($5$l$k(B

$B!!4XO"(B: IE$B$KL$%Q%C%A$N@HZ%3!<%I$"$j(B (slashdot.jp, 2005.07.19)

2005.08.10 $BDI5-(B:

$B!!(BInternet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (896727) (MS05-038) (Microsoft) $B$G=$@5$5$l$^$7$?!#(B CVE: CAN-2005-1988

$B"#(B $B%&%$%k%9BP:v%=%U%H!V(Bavast!$B!W$K(B2$B
($BAk$NEN(B, 2005.07.22)

$B!!85$M$?(B: Secunia Research 21/07/2005 - avast! Antivirus ACE File Handling Two Vulnerabilities - (secunia)$B!#(Bavast! 4.x $B$K$*$1$k(B ACE $B7A<0%U%!%$%k$N07$$$K7g4Y!#(B avast! 4.x $B$K4^$^$l$k(B 3rd $B%Q!<%F%#%i%$%V%i%j(B UNACEV2.DLL $B$K7g4Y$,$"$j!"(B

$B"#(B 2005.07.22

  • $B!U(B $B;dJ*#P#C$,46@w!"86H/8!::;qNA$,%M%C%H>eN.=P(B ($BFIGd(B, 7/22)$B!#Nc$K$h$C$F(B Winny $B$M$?$J$N$G$9$,!"(B

    $B%G!<%?$,J]B8$5$l$F$$$?J]0B1!8!::41$N;dJ*%Q%=%3%s$,%3%s%T%e!<%?!<%&%$%k%9$K46@w$7!"N.=P$,5/$-$?$H$_$i$l$k!#3KJ*

    $B$h$j$K$b$h$C$FJ]0B1!$N8!::41$+$i%@%@1L$l$7$A$c$C$F$^$9!#(B

$B"#(B $BDI5-(B

CAN-2005-2096: zlib 1.2.x buffer overflow

$B!!$3$N7g4Y$,=$@5$5$l$?(B zlib 1.2.3 $B$,=P$F$$$^$7$?!#(B

$B"#(B fetchmail-SA-2005-01: security announcement
(fetchmail, 2005.07.22)

$B!!(Bfetchmail 6.2.5 $B0JA0$K7g4Y!#(BPOP3 $B5!G=$K(B buffer overflow $B$9$k7g4Y$,$"$j!"96N,%5!<%P$ND9Bg$J(B UID $B=PNO$K$h$C$FG$0U$N%3!<%I$rCAN-2005-2335

$B"#(B 2005.07.21

$B"#(B $BDI5-(B

JCE 1.2.1 $B$N>ZL@=q4|8B@Z$l$K4X$9$kCm0U4-5/(B

$B!!(BJCE1.2.1$B$N(BHotFix$B$K$D$$$F$N(BQA ($B%^%+%U%#!<(B)$B!#(BIntruShield $BMQ(B patch $B=P$^$7$?!#(B

$B$$$m$$$m(B (2005.07.17)

$B!!(BNullsoft$B!"G$0U$N%3!<%I$, ($BAk$NEN(B, 2005.07.21)$B!#(B[Full-disclosure] LSS Security Advisory: Winamp remote buffer overflow vulnerability $B$N7o$,=$@5$5$l$?LOMM!#(B

$B"#(B Mandatory Greasemonkey Update
(greaseblog.blogspot.com, 2005.07.19)

$B!!(BGreasemonkey $B$N(B 0.3.5 $B$h$jA0$NHG$K7g4Y!#(B $B>/$J$/$H$b(B 1 $B$D$N(B UserScript $B$K%^%C%A$9$k(B web $B%5%$%H$,!"%f!<%6(B PC $B>e$N%m!<%+%k%U%!%$%k$rFI$_-Mh$NHG$G5!G=$,I|3h$9$kM=Dj$@$=$&$@!#(B

$B"#(B Hiki Advisory 2005-07-21
(Hiki, 2005.07.21)

$B!!(BWiki $BHiki $B$N(B 0.8.0 $B!A(B 0.8.1 $B$K$*$$$F!"%W%i%0%$%s=q<0Fb$NJ8;zNs$K$*$1$k(B " $B$N%(%9%1!<%W$,$J$5$l$F$$$J$$$?$a$K(B XSS $B7g4Y$,B8:_!#(B 0.8.2 $B$G=$@5$5$l$?$=$&$G$9!#$+$:$R$3$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B tDialy $B$H$O$F$J$N(B CSRF $B7g4YBP1~(B
(various)

$B!!(BtDialy $B$H(B$B$O$F$J(B$B$G(B CSRF $B7g4Y$X$NBP1~$,$J$5$l$F$$$k$h$&$G$9!#(B

$B!!$$$:$l$b!"(BCSRF $B7g4YBP1~$N$?$a$K;EMM$,JQ99$5$l$F$$$k$=$&$G!#(B $BCm0U$7$^$;$&!#(BtDiary $B$N>l9g$O(B tDiary 2.0.2$B!"(B2.1.2$B%j%j!<%9(B $B$K$$$m$$$m$HCm0U=q$-$,$"$j$^$9!#(B

$B"#(B 2005.07.20

$B"#(B FreeBSD Security Advisory FreeBSD-SA-05:17.devfs
(freebsd-security ML, Wed, 20 Jul 2005 22:54:26 +0900)

$B!!(BFreeBSD 5.x $B$N(B devfs(5) $B$K7g4Y!#(Bjail(2) $B4D6-$NFbB&$+$i!"1#JC$5$l$F$$$k$O$:$N%G%P%$%9$K%"%/%;%9$G$-$F$7$^$&!#(Bpatch $B$,$"$k$N$G!"E,MQ$7$?>e$G(B kernel $B$r:F9=C[$7!"%$%s%9%H!<%k8e:F5/F0$9$l$P$h$$!#(B $B4XO"(B:

$B"#(B $BDI5-(B

JCE 1.2.1 $B$N>ZL@=q4|8B@Z$l$K4X$9$kCm0U4-5/(B

$B!!(BIntruShield$B$G!"(BJCE 1.2.1$B$N>ZL@=q$N4|8B@Z$l$NLdBj$K$D$$$F(B ($B%^%+%U%#!<(B)$B!#(BIntruShield v1.8$B!"(Bv1.9$B!"(Bv2.1 $B$G(B JCE 1.2.1 $B$r;H$C$F$*$j!"(B JCE 1.2.2 $B$X0\9T$9$k(B patch $B$,(B 2005.07.21 $B$KDs6!$5$l$kM=Dj$@$=$&$@!#(B

Mozilla Firefox and Thunderbird 1.0.6 Releases Coming

$B!!(BFirefox $B$H(B Thunderbird $B$N(B 1.0.6 $BHG$,=P$^$7$?!#(BFirefox 1.0.6 $B$K$D$$$F$O3F9q8l%m!<%+%i%$%:HG$bF1;~%j%j!<%9$5$l$F$$$^$9!#;DG0$J$,$i!"(BThunderbird 1.0.6 $B$O:#$N$H$3$m1Q8lHG$7$+$"$j$^$;$s!#(B

$B!!AaED$5$s!">eED$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

Update: New Windows XP SP2 vulnerability

$B!!F|K\8lHG=P$^$7$?(B: $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (904797): $B%j%b!<%H(B $B%G%9%/%H%C%W(B $B%W%m%H%3%k(B (RDP) $B$N@H (Microsoft)

JVN#257C6F28$B!'(B Internet Explorer $B%3%s%]!<%M%s%H$r;HMQ$9$k%"%W%j%1!<%7%g%s$K$*$1$k%;%-%e%j%F%#%>!<%s$N07$$$K4X$9$k@H

$B!!4XO"$H$7$F!"(BWebBrowser Control $B$r;H$&(B MUA $B$KFCBg$N%;%-%e%j%F%#!<%[!<%k(B $B$rDI2C(B ($B;2>H(B: [memo:8609])

$B!!(B(link fixed: $B?eLn$5$s46

$B"#(B 2005.07.19

$B"#(B 902322 - You receive a "0x8007041D" error when you visit the Windows Update Web site
(Microsoft, 2005.07.07)

$B!!(BWindows $B>e$G(B NOD32 $B$N%P!<%8%g%s(B 2.50.23 $B$h$jA0$NHG$rMxMQ$7$F$$$k>l9g$K!"(BWindows Update $B$d(B Microsoft Update $B$,(B 0x8007041D $B%(%i!<$r=P$7$F<:GT$9$k$3$H$,$"$kLOMM!#(B2.50.23 $B0J9_$G2r7h$5$l$F$$$kLOMM!#(B

$B!!%-%d%N%s%=%j%e!<%7%g%s$K$b(B Microsoft Update$B!J(BWindows Update$B!K$,$G$-$J$$(B (canon-sol.jp) $B$H$7$F>pJs$,=P$F$$$k$,!"$J$<$+(B KB 902322 (Microsoft) $B$[$IL@3N$JFbMF$G$O$J$$!#(B $B$A$J$_$K(B $BK\2H$N%@%&%s%m!<%I%Z!<%8(B$B$r8+$k$H!":G?7%P!<%8%g%s$O(B 2.50.25 $B$NLOMM!#(B $B

$B!!$*$*$+$o$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!$J$*!"(BWindows Update $B$N%H%i%V%k$K$D$$$F$O!"$^$:$O(B 884101 - Windows Update $B$K4X$9$k5;=Q>pJs(B (Microsoft) $B$r8+$F$_$k$H5H$J$h$&$G$9!#(B

$B"#(B 2005.07.18

$B"#(B Mozilla Firefox and Thunderbird 1.0.6 Releases Coming
(MozillaZine, 2005.07.16)

$B!!(BFirefox $B$H(B Thunderbird $B$N(B 1.0.5 $BHG$K$O(B API $B$NJQ99$KH<$&8_49@-$NLdBj$,H/@8$7$F$*$j!"(B

  • $B$3$l$KBP1~$7$?(B 1.0.6 $BHG$rAa4|$KDs6!$9$k(B ($B4{$K(B RC $BHG(B$B$,EP>l$7$F$$$k(B)
  • 1.0.5 $BHG$K$D$$$F$O1Q8lHG$N$_$H$7!"3F9q8l%m!<%+%i%$%:HG$ODs6!$5$l$J$$(B

$B$3$H$,7hDj$5$l$?LOMM!#(B $B$3$N>u67$KBP$7$F!"3F9q$N%m!<%+%i%$%:HGMxMQe$2$F$$$kLOMM!#(B $BF|K\8lLu(B #768544 (slashdot.jp) $B$h$j(B:

$B!VMj$`$+$i!"$=$s$J$K[#Kf$JBVEY$O$d$a$F$/$l!*!!2?$,LdBj$J$N$+$-$A$s$H@bL@$r$7$F$/$l!*!W$H%]!<%i%s%I8l$N%m!<%+%i%$%Firefox 1.0.5 $B%m!<%+%i%$%u67$K4X$9$k(B netscape.public.mozilla.l10n $B%K%e!<%9%0%k!<%W$X$N%a%C%;!<%8(B$B$NCf$GHaDK$N@<$r>e$2$F$$$k!#!V%]!<%i%s%I$N(B Firefox $B%f!<%6$+$i(B Firefox 1.0.5 $B$,$J$<%]!<%i%s%I8l$GMxMQ$G$-$J$$$N$+$r?R$M$kEE;R%a!<%k$r;3$N$h$&$Ku67$rCN$i$7$a$kBg!9E*$J@kEA$K$J$C$F$7$^$&!#!W(B

$B!!4{$K==J,@kEA$K$J$C$F$$$k$h$&$J5$$,!#(B

$B!!(B#768544 $B$O(B slashdot.jp $B$N4XO"%9%l(B $B!V(BFirefox/Thunderbird 1.0.5$BF|K\8lHG$O8+Aw$j(B$B!W(B($B8+Aw$i$l$?$N$OF|K\8lHG$@$1$G$O$J$$$N$G$3$N%?%$%H%k$O8m2r$r>7$$$F$$$k$h$&$@$,!D!D(B) $B$+$i$N$b$N!#B>$K$b$$$/$D$+(B:

  • #768380: Stable$B$C$F$J$s$@$m$&(B (slashdot.jp)$B!#(B $B0B0W$JJQ99$rL57Y9p$G9T$C$F$7$^$C$?$N$+$J$"!#(B

  • #768444 (slashdot.jp)$B!#(B

    $B<+J,$N4D6-$@$H%m!<%+%i%$%:%;%s%?!<(B [mozilla-japan.org]$B$K$"$k!V(BMozilla Firefox 1.0+ $BF|K\8lHG(B Win/Linux $BMQ(B XPI $B%Q%C%1!<%8!W$GF|K\8l2=$O!J$?$V$s!KBg>fIW$J$s$G$9$h$M(B

    $B7o$N$b$N(B$B$O!V(BFirefox 1.0 $B%j%j!<%98e$Kl9g$K$O==J,$K$4Cm0U$/$@$5$$!W$H$5$l$F$$$k$N$G!"$U$D$&$N?M$K?d>)$9$k$N$O:$Fq$@$H;W$$$^$9$,!D!D!#(B

$B!!$H$b$"$l!"(Bmake the switch today (Firefox $B%[!<%`%Z!<%8(B$B$G$NI=8=(B) $B$HK\5$$G8@$C$F$$$k$N$J$i!"!V1Q8lHG$H%m!<%+%i%$%:HG$N%j%j!<%9F|$,%:%l$F$$$k(B = $B%m!<%+%i%$%:HGMxMQu67$r2r7h$9$k!"$N$,:,K\E*$JBP:v$@$m$&!#(B 0day exploit $B$KAa5^$KBP1~$9$kI,MW$,$"$k$N$G;EJ}$J$/!D!D$H$$$&>u67$J$i$H$b$+$/!"(B1.0.5 $B$G9T$o$l$?=$@5$O$=$&$G$O$J$$$N$G$7$g$&(B?

$B!!AaED$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2005.07.20 $BDI5-(B:

$B!!(BFirefox $B$H(B Thunderbird $B$N(B 1.0.6 $BHG$,=P$^$7$?!#(BFirefox 1.0.6 $B$K$D$$$F$O3F9q8l%m!<%+%i%$%:HG$bF1;~%j%j!<%9$5$l$F$$$^$9!#;DG0$J$,$i!"(BThunderbird 1.0.6 $B$O:#$N$H$3$m1Q8lHG$7$+$"$j$^$;$s!#(B

$B!!AaED$5$s!">eED$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2005.07.17

$B"#(B $B$$$m$$$m(B
(various)

2005.07.21 $BDI5-(B:

$B!!(BNullsoft$B!"G$0U$N%3!<%I$, ($BAk$NEN(B, 2005.07.21)$B!#(B[Full-disclosure] LSS Security Advisory: Winamp remote buffer overflow vulnerability $B$N7o$,=$@5$5$l$?LOMM!#(B

$B"#(B $BDI5-(B

IBM ThinkPad X41 $B$,30It$+$iC/$G$b%7%c%C%H%@%&%s$G$-$k;EMM$K$D$$$F(B

$B!!!V%7%9%F%`$r%7%c%C%H%@%&%s$9$k$N$K%m%0%*%s$rI,MW$H$7$J$$!W%]%j%7!<$r(B $BM-8z$K!"$8$c$J$/$FL58z$K!"$G$7$?!#(BMattun $B$5$s46

Update: New Windows XP SP2 vulnerability

$B!!(BMicrosoft Security Advisory (904797): Vulnerability in Remote Desktop Protocol (RDP) Could Lead to Denial of Service (Microsoft, 2005.07.16)$B!#(B RDP $B$K(B DoS $B967b$r?)$i$&7g4Y$,$"$k$3$H$,3NG'$5$l$?LOMM!#(B Windows 2000 Server / Server 2003 $B$N%?!<%_%J%k%5!<%S%9!"(B Windows XP $B$N%j%b!<%H%G%9%/%H%C%W(B / $B%j%b!<%H%"%7%9%?%s%9$,3:Ev!#(B $BFC$K(B Windows XP Media Center Edition $B$G$O%j%b!<%H%G%9%/%H%C%W$,%G%U%)%k%H$GM-8z$K$J$C$F$$$k$=$&$@!#(B

$B%^%$%/%m%=%U%H(B $B%+%i!<4IM}%b%8%e!<%k$N@H

$B"#(B 2005.07.16

$B"#(B $BDI5-(B

Update Rollup 1 for Windows 2000 SP4 $B$r%$%s%9%H!<%k$9$k$HIT0BDj$K$J$k;vNc(B

$B!!(BWindows 2000 Service Pack 4 $BBP1~$N99?7%W%m%0%i%`(B $B%m!<%k%"%C%W(B 1 $B$rE,MQ$9$k$H(B Outlook $B$+$i%Q%9%o!<%IJQ99$,=PMh$J$/$J$k(B (Microsoft)

$B$3$l$O99?7%W%m%0%i%`(B $B%m!<%k%"%C%W(B1 $B$rE,MQ$9$k$3$H$K$h$j!"(BWindows 2000 Server $B$,G'>Z$K;HMQ$9$k%"%k%4%j%:%`$,JQ99$5$l$k$?$a$G$9!#(B

$B"#(B IBM ThinkPad X41 $B$,30It$+$iC/$G$b%7%c%C%H%@%&%s$G$-$k;EMM$K$D$$$F(B
($BEP(B $BBgM7!wC^GHBg3X>pJs3XN`$N(B SoftEther VPN $BF|5-(B, 2005.07.11)

$B!!$J$+$J$+3Z$7$=$&$J;EMM$G$9$M!#EvLL$NBP:v$H$7$F$O!"%3%a%s%H$K$"$k$h$&$K!"%m!<%+%k%;%-%e%j%F%#%]%j%7!<$G!V%7%9%F%`$r%7%c%C%H%@%&%s$9$k$N$K%m%0%*%s$rI,MW$H$7$J$$!W%]%j%7!<$r(B$BM-8z(B $BL58z$K$7$F$*$/$/$i$$$G$7$g$&$+!#(B (fixed: Mattun $B$5$s46

2005.07.24 $BDI5-(B:

$B!!$3$l$r%M%?$K$7$F(B $B@H (japan.zdnet.com) $B$H$$$&5-;v$,=q$+$l$F$$$k$C$]$$!#(B $B$=$NFbMF$K$D$$$F$O(B $B6K3Z$;$-$e$"F|5-(B $B$d(B Lucrezia Borgia $B$N(B Room Cantarella $B$G$D$C$3$^$l$F$$$k$,!"(B $B$=$l0JA0$NLdBj$H$7$F!"CxyFs;a$O!"(B $B$J$$B;EMM(B$B$K$D$$$F!W$H$7$F$$$k$N$+$r9M$($k$Y$-$@$C$?$N$G$O!"$H;W$&!#(B

2005.08.05 $BDI5-(B:

$B!!(BThinkVantage$B;XLfG'>Z%f!<%F%#%j%F%$!](B (Windows 2000/XP) - ThinkPad T42/T42p/T43/T43p/X41/X41 Tablet (IBM) $B$N(B Ver.4.6.0 Build 1153 $B$,=P$F$$$^$9!#?eLn$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B $B%j%j!<%9%l%?!<(B$B$h$j(B: 

<4.6.0 Build 1153>

  -($B=$(B) $B%j%b!<%H%G%9%/%H%C%W@\B3$G%7%c%C%H%@%&%s%\%?%s$rL58z2=$7$?!#(B

$B"#(B JView $B%W%m%U%!%$%i$N@H
(Microsoft, 2005.07.13)

$B!!(BMicrosoft Security Advisory (903144): A COM Object (Javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit $B$N7o!#=$@5FbMF$b!"(BAdvisory $B$G<($5$l$F$$$?$N$HF1$8!"(BView $B%W%m%U%!%$%i(B (Javaprxy.dll) COM $B%*%V%8%'%/%H(B (CID: 03D9F3F2-B0E3-11D2-B081-006008039BF0) $B$KBP$9$k(B Kill Bit $B$N@_Dj!#(B

$B"#(B $B%^%$%/%m%=%U%H(B $B%+%i!<4IM}%b%8%e!<%k$N@H
(Microsoft, 2005.07.13)

$B!!(BWindows 98 / 98 SE / Me / 2000 / XP / Server 2003 $B$K7g4Y!#(B $B%+%i!<4IM}%b%8%e!<%k$K$*$1$k!"(BICC $B%W%m%U%!%$%k%U%)!<%^%C%H$N%?%0$N8!>Z=hM}$K7g4Y$,$"$k!#(B $B$=$N$?$a!"(B$B%+%i!<%W%m%U%!%$%k$H$7$F(B ICC $B%W%m%U%!%$%k$rKd$a9~$s$@(B$B96N,2hA|%U%!%$%k$K$h$j!"(BWindows 2000 / XP / Server 2003 $B$G$OG$0U$N%3!<%I$rCAN-2005-1219

$B!!(BICC $B%W%m%U%!%$%k%U%)!<%^%C%H$N%?%0$N8!>Z=hM}!"$H$$$&$N$O!"$?$H$($P(B Specification ICC.1:2004-10 (Profile version 4.2.0.0) $B$N(B p.14 $B$K$*$1$k!V(BTag Table$B!W$H!V(BTagged Element Data$B!W$H$N4X78$N=hM}$r8@$&$N$+$J!#(B

$B!!(BWindows 2000 / XP / Server 2003 $B$K$D$$$F$O=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!H/8+ICST $B$H$$$&$N$O!"BfOQ$NAH?%$J$s$G$9$M!#(B

2005.07.17 $BDI5-(B:

$B"#(B Microsoft Word $B$N@H
(Microsoft, 2005.07.13)

$B!!(BMicrosoft Word 2000 (Office 2000) / Word 2002 (Office XP) $B$K7g4Y!#(B $B%U%)%s%H$N=hM}$K$*$$$F(B buffer overflow $B$,H/@8$9$k$?$a!"96N,(B Word $B%I%-%e%a%s%H$K$h$C$FG$0U$N%3!<%I$r

$B!!=$@5%W%m%0%i%`$,MQ0U$5$l$F$$$k$N$GE,MQ$9$l$P$h$$!#(B Word 2002 (Office XP) $B$rMxMQ$7$F$$$k>l9g$O(B Microsoft Update $B$+$i$bE,MQ$G$-$k$,!"(BWord 2000 (Office 2000) $B$N>l9g$O(B Office $B%"%C%W%G!<%H(B$B$r9T$&$+!"$"$k$$$O(B MS05-035 $B%Z!<%8$+$i8DJL$K=$@5%W%m%0%i%`$rF~

$B!!4XO"(B:

$B"#(B 2005.07.15

$B"#(B $B%"%s%A%&%$%k%94XO"(B
(various)

$B"#(B $BDa55%a!<%k$H(BWindows$B%G%9%/%H%C%W%5!<%A$H$NAj@-LdBj$K$D$$$F!J(B2005.7.14)
(maruo.co.jp, 2005.07.14)

$B!!(BMSN $B%5!<%A(B $B%D!<%k%P!<(B with Windows $B%G%9%/%H%C%W(B $B%5!<%A(B (MSN) $B$N!V(BWindows $B%G%9%/%H%C%W(B $B%5!<%A!W$rM-8z$K$9$k$H!"(B$BDa55%a!<%k(B$B$G!"$U$D$&$N%a!<%k$,%&%$%k%9$HH=Dj$5$l$F$7$^$&!"Aw?.:Q$_%a!<%k$,L$Aw?.%U%)%k%@$K;D$C$F$7$^$&!"$J$I$H$$$C$?IT6q9g$,H/@8$9$kLOMM!#$3$N$h$&$JIT6q9g$OB>$N%=%U%H$G$bH/@8$9$k62$l$,$"$k$h$&$@!#(B $B=($^$k$*;a$O2sHr:v$H$7$F0J2<$r5s$2$F$$$k(B:

  • $B!V%$%s%G%C%/%9$N:n@.$rM%@h$9$k!W%*%W%7%g%s$OI,$:(BOFF$B$K$9$k!#(B
  • $BDa55B&$N!VA4HLE*$J@_Dj!&%&%#%k%9BP:v!&%"%s%A%&%#%k%9%=%U%H$N%j%"%k%?%$%`8!:w$KBP1~$5$;$k!W$r(BOFF$B$K$9$k!#(B
  • $B=PMh$l$P!"Da55%a!<%k$N%G!<%?MQ%U%)%k%@$O8!:wBP>]$H$J$i$J$$$h$&$K@_Dj$9$k!#!J%G%U%)%k%H$G$O8!:wBP>]$H$J$i$J$$$O$:$@$1$I$b!K(B
  • $B=PMh$l$PDa55%a!<%kB&$NDj4|

$B!!IT6q9g$N$&$A!"Da55%a!<%k$GBP1~$G$-$k$b$N$K$D$$$F$O(B Version4.18 $B$GBP1~$5$l$kM=Dj$@$=$&$@!#$7$+$7$=$l$GA4$F$,2r7h$5$l$k$O$:$b$J$/!"!D!D!#(B

$B"#(B Update: New Windows XP SP2 vulnerability
(SANS ISC, 2005.07.14)

$B!!(BWindows XP $B$N(B$B%j%b!<%H%"%7%9%?%s%95!G=(B ($BI8=`$GM-8z!"(BWindows $B%U%!%$%"%&%)!<%k$G$bNc30@_Dj$5$l$F2rJ|$5$l$F$$$k(B) $B$K7g4Y$,$"$j!"(B $B30It$+$i(B Windows XP $B<+BN$r%/%i%C%7%e(B ($B%V%k!<2hLL(B) $B$5$;$k$3$H$,2DG=$i$7$$!#(B $B>\:YITL@!#(BRDP (3389/tcp) $B$r%U%#%k%?$9$l$P2sHr$G$-$k$i$7$$!#(B

2005.07.17 $BDI5-(B:

$B!!(BMicrosoft Security Advisory (904797): Vulnerability in Remote Desktop Protocol (RDP) Could Lead to Denial of Service (Microsoft, 2005.07.16)$B!#(B RDP $B$K(B DoS $B967b$r?)$i$&7g4Y$,$"$k$3$H$,3NG'$5$l$?LOMM!#(B Windows 2000 Server / Server 2003 $B$N%?!<%_%J%k%5!<%S%9!"(B Windows XP $B$N%j%b!<%H%G%9%/%H%C%W(B / $B%j%b!<%H%"%7%9%?%s%9$,3:Ev!#(B $BFC$K(B Windows XP Media Center Edition $B$G$O%j%b!<%H%G%9%/%H%C%W$,%G%U%)%k%H$GM-8z$K$J$C$F$$$k$=$&$@!#(B

2005.07.20 $BDI5-(B:

$B!!F|K\8lHG=P$^$7$?(B: $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (904797): $B%j%b!<%H(B $B%G%9%/%H%C%W(B $B%W%m%H%3%k(B (RDP) $B$N@H (Microsoft)

2005.08.10 $BDI5-(B:

$B!!(Bpatch: $B%j%b!<%H(B $B%G%9%/%H%C%W(B $B%W%m%H%3%k$N@H (Microsoft)

$B"#(B $BDI5-(B

SquirrelMail: $_POST variable handling in options_identites allows for different attacks

$B!!4XO"(B:

$B"#(B 2005.07.14

$B"#(B $BDI5-(B

$B=EMW(B: PowerChute Business Edition v6.x.x $B=$@5BP1~$N$40FFb(B

$B!!(BPowerChute Business Edition v6.x.x $B$NLdBj$K4X$9$k(B Q&A$B=8(B (APC) $B$,$G$-$F$$$^$7$?!#(B

JCE 1.2.1 $B$N>ZL@=q4|8B@Z$l$K4X$9$kCm0U4-5/(B

$B!!(BJVN#93926203: Java Cryptography Extension 1.2.1$B!J(BJCE 1.2.1$B!K$N>ZL@=q$N4|8B@Z$l$G(B 2005/07/28 $B0J9_%=%U%H%&%(%"$,@5>o$KF0:n$7$J$/$J$kLdBj(B (JVN) $B$KB?$/$N>pJs$,=8@Q$5$l$F$$$^$9$N$G!"0lFI$r$*$9$9$a$7$^$9!#$^$C$A$c$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

Update Rollup 1 for Windows 2000 SP4 $B$r%$%s%9%H!<%k$9$k$HIT0BDj$K$J$k;vNc(B

$B!!(B904392 - Windows Update $B$d(B Microsoft Update $B%5%$%H$K%"%/%;%9$9$k$H(B 0x800700C1 $B%(%i!<$,I=<($5$l$k(B (Microsoft)$B!#$$$/$D$+$N7G<(HDEy$G;vNc$,<($5$l$F$$$?!"(BUpdate Rollup 1 $B$rE,MQ$9$k$H(B msxml3.dll $B$H(B msxml3r.dll $B$,(B 0 $B%P%$%H$K$5$l$F$7$^$&OC!#$3$&$J$C$?>l9g$NBP1~$H$7$F$O!"0J2<$N$$$:$l$+$@$=$&$@!#(B

  • msxml3.dll $B$H(B msxml3r.dll $B$NL>A0$rJQ99$9$k!#(B $BJQ99$9$k$H!"(BSystem File Protection $B5!G=(B $B$,(B msxml3.dll $B$H(B msxml3r.dll $B$r:F@8@.$7$F$/$l$k$N$@$m$&!#(B Update Rollup 1 $B$G$O(B msxml3.dll $B$H(B msxml3r.dll $B$O(B System File Protection $B5!G=$NBP>]$K$J$C$F$$$k!#(B

  • XML Parser (MSXML) 3.0 SP5 $B$r8DJL$K%$%s%9%H!<%k$9$k!#(B

$B!!$A$J$_$K!"(BWindows 2000 SP4 $B%m!<%k%"%C%W(B 1$BIT6q9g>pJs(B (HotFix Report BBS) $B$K$h$k$H!"(BMSXML 3.0 SP7 $B$,%$%s%9%H!<%k$5$l$?4D6-$K(B Update Rollup 1 $B$rE,MQ$9$k$H!"(BMSXML 3.0 SP5 $B$KL[$C$F%@%&%s%0%l!<%I$5$l$F$7$^$&$3$H$,$"$k!"$HJs9p$5$l$F$$$k!#(B

$BHkJ8$H(BSymantec AntiVirus$B!"F10l(BPC$B$K%$%s%9%H!<%k$9$k$H0E9f%U%!%$%kGK2u$N$*$=$l(B

$B!!(B$B!Z=EMW![HkJ8%7%j!<%:(B Symantec AntiVirus Corporate Edition 10.0$B$r%$%s%9%H!<%k$9$k$H!"0E9f%U%!%$%k$,07$($J$/$J$kLdBj$K$D$$$F$N$*CN$i$;(B($BB3Js(B) ($BF|N)%=%U%H(B) $B$K$h$k$H!"F1MM$NLdBj$,(B Symantec Client Security 3.0 $B$G$bH/@8$9$k$=$&$@!#(B $BHkJ8$G0E9f2=$7$?%U%!%$%k$r3+$1$J$$(B ($B%7%^%s%F%C%/(B) $B$K$h$k$H!"(B

  • Symantec AntiVirus Corporate Edition (SAVCE) 10.0 $B$d(B Symantec Client Security (SCS) 3.0 $B$GH/@8(B
  • SAVCE 9.x $B$d(B SCS 2.x $B$G$OH/@8$7$J$$(B

$B$=$&$@!#(B

$B"#(B SquirrelMail: $_POST variable handling in options_identites allows for different attacks
(SquirrelMail, 2005.07.13)

$B!!(BSquirrelMail 1.4.0$B!A(B1.4.5-RC1 $B$K7g4Y!#(Boptions_identities.php $B$K$*$1$k(B $_POST $BJQ?t$N07$$$K7g4Y$,$"$j!"B>%f!<%6$N@_Dj$rFI$_=q$-$7$?$j!"%/%m%9%5%$%H%9%/%j%W%F%#%s%07g4Y$,H/@8$7$?$j!"(Bweb $B%5!<%PF0:n8"8B$K$*$$$F=q$-9~$_5v2D$,B8:_$9$k%U%!%$%k$r2~$6$s$7$?$j$G$-$kLOMM!#(B CVE: CAN-2005-2095

$B!!(BSquirrelMail 1.4.5 $B$G=$@5$5$l$F$$$k!#(B

2005.07.15 $BDI5-(B:

$B!!4XO"(B:

$B"#(B Hiki $B$N@H
(Hiki Development Team, 2005.07.14)

$B!!(BWiki $B%/%m!<%s(B Hiki 0.8.0 $B$K(B CSRF $B967b$rpJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2005.07.13

$B"#(B $B$=$NB>$K$b$$$m$$$m(B
(various)

$B"#(B $BDI5-(B

CAN-2005-2096: zlib 1.2.x buffer overflow

$B!!(BTurbolinux $B$N>u67$rDI5-!#(B

$B!!(BDiscovering copies of zlib (enyo.de)$B!#(Bzlib $BMxMQ%"%W%j$r(B ClamAV $B$rMxMQ$7$F8!=P$9$kJ}K!!#(B

$B"#(B $B:#F|$O$$$m$$$m=P$F$^$9(B
(various)

$B!!$H$j$"$($:$a$b!#(B

$B!!(BEEYEB-20050329 $B$O:#7n$bD>$j$^$;$s$G$7$?!#(Borz

$B"#(B 2005.07.12

$B"#(B JVN#257C6F28$B!'(B Internet Explorer $B%3%s%]!<%M%s%H$r;HMQ$9$k%"%W%j%1!<%7%g%s$K$*$1$k%;%-%e%j%F%#%>!<%s$N07$$$K4X$9$k@H
(IPA, 2005.07.12)

$B!!(BIE $B%3%s%]!<%M%s%H$rMxMQ$7$?(B web $BI=<($r9T$C$F$$$k@=IJ$N$$$/$D$+$K$*$$$F!"(B $BK\Mh%$%s%?!<%M%C%H%>!<%s8"8B$G9T$&$Y$-(B web $BI=<($r!"%^%$%3%s%T%e!<%?%>!<%s$J$I8"8B$N9b$$%>!<%s$G9T$C$F$7$^$C$F$$$k$=$&$@!#6qBNE*$K$O!"$=$N$h$&$J@=IJ$H$7$F0J2<$,L@$i$+$H$J$C$F$$$k!#(B

$B!!BP1~J}K!$H$7$F$O!"(Bfix $B$,$"$k$b$N$K$D$$$F$OE,MQ$9$l$P$h$$!#(B $B$^$?3+H/$B%f%_%k%j%s%/$G$NBP1~(B$B$,0lNc$H$J$k$@$m$&!#(B

<$B?75, * Web$B%Z!<%8$+$i(BHTML$B%U%!%$%k7A<0$b$7$/$O(BMHT$B%U%!%$%k7A<0$Gl9g!"Web$B$N%^!<%/(B$B!W!J(B"saved from url"$B!K%3%a%s%H$rDI2C$7$^$9!#(B
$B$3$N=hM}$K$h$C$F!"!<%s$G$O$J$/(B[$B%$%s%?!<%M%C%H(B]$B%>!<%s$K$*$$$FI=<($5$l$^$9!#(B

<$B4{B8(BHTML$B%U%!%$%k$X$NBP1~(B>
* $B4{B8(BHTML$B%U%!%$%k$NI=<(%>!<%s$r(B[$B%$%s%?!<%M%C%H(B]$B%>!<%s$X$HJQ49$9$k!V%;%-%e%j%F%#%>!<%sJQ495!G=!W$rEk:\$7$^$7$?!#(B
$BK\5!G=$r;HMQ$9$k$3$H$K$h$C$F!"G$0U$N4{B8(BHTML$B%U%!%$%k$NI=<(%>!<%s$r(B[$B%$%s%?!<%M%C%H(B]$B%>!<%s$XJQ49$9$k$3$H$,=PMh$^$9!J!V%;%-%e%j%F%#%>!<%sJQ495!G=!W$N;HMQJ}K!$O!"

$B!!4XO"(B:

2005.07.14 $BDI5-(B:

$B!!(B$BIY;NDL$N(B JVN#257C6F28 $B$X$NBP1~(B (JVN) $B$K;2>H%j%s%/$,L@5-$5$l$?$N$G!"IY;NDL$N9`$r=q$-D>$7$?!#(B

$B!!4XO"(B: $B$H$7$F(B JVN#257C6F28 (JVN) $B$rDI2C$7$?!#(B

2005.07.20 $BDI5-(B:

$B!!4XO"$H$7$F!"(BWebBrowser Control $B$r;H$&(B MUA $B$KFCBg$N%;%-%e%j%F%#!<%[!<%k(B $B$rDI2C(B ($B;2>H(B: [memo:8609])

2005.09.13 $BDI5-(B:

$B!!IY;NDL$N(B SIMPLIA/TF-WebTest $B$K$b$3$N7g4Y$,$"$C$?$=$&$@(B: WEB$B%"%W%j%1!<%7%g%s%F%9%H;Y1g%D!<%k!V(BSIMPLIA/TF-WebTest$B!W$N(B $B%;%-%e%j%F%#$N@H ($BIY;NDL(B, 2005.09.09)

$B"#(B $BDI5-(B

CAN-2005-2096: zlib 1.2.x buffer overflow

$B!!(BNetBSD $B$N>u67$rDI5-!#(B

$B"#(B $BHkJ8$H(BSymantec AntiVirus$B!"F10l(BPC$B$K%$%s%9%H!<%k$9$k$H0E9f%U%!%$%kGK2u$N$*$=$l(B
(ITmedia, 2005.07.11)

$B!!85$M$?(B: JP1/$BHkJ84D6-$K(BSymantec AntiVirus Corporate Edition 10.0$B$r%$%s%9%H!<%k$9$k$H!"0E9f%U%!%$%k$,07$($J$/$J$kLdBj(B ($BF|N)(B)$B!#8=;~E@$G$O!VHkJ8%U%)!<%^%C%H:Q$_$N%I%i%$%V!"$^$?$O!"6&M-5!L)%U%)%k%@Fb$N0E9f%U%!%$%k$rA`:n$7$J$$!W$+!V(BSymantec AntiVirus Corporate Edition 10.0 $B$N%"%s%$%s%9%H!<%k!W$7$+2sHrJ}K!$,$J$$LOMM!#(B

$B!!(BSAVCE9 $B$G$b2?$+$"$C$?$h$&$J!D!D$3$l$+(B: $B!Z=EMW![HkJ8(BAdvanced Edition$B$H(BSymantec AntiVirus Corporate Edition 9.0 $BF15o;~$KH/@8$9$kLdBj$K4X$7$F(B($BB3Js(B) ($BF|N)%=%U%H(B)$B!#(B SymEvent $B%3%s%]!<%M%s%H(B 11.6.0.24 $B0J9_$N%P!<%8%g%s$K99?7$9$k$3$H$G2~A1(B ($B%7%^%s%F%C%/(B) $B$5$l$k$=$&$G!#(B SAVCE10 $B$r%"%s%$%s%9%H!<%k$7$F(B SAVCE9 + $B!V(BSymEvent $B%3%s%]!<%M%s%H(B 11.6.0.24 $B0J9_!W$K%@%&%s%0%l!<%I$9$k$N$,$$$$$s$G$9$+$M$(!#(B

2005.07.14 $BDI5-(B:

$B!!(B$B!Z=EMW![HkJ8%7%j!<%:(B Symantec AntiVirus Corporate Edition 10.0$B$r%$%s%9%H!<%k$9$k$H!"0E9f%U%!%$%k$,07$($J$/$J$kLdBj$K$D$$$F$N$*CN$i$;(B($BB3Js(B) ($BF|N)%=%U%H(B) $B$K$h$k$H!"F1MM$NLdBj$,(B Symantec Client Security 3.0 $B$G$bH/@8$9$k$=$&$@!#(B $BHkJ8$G0E9f2=$7$?%U%!%$%k$r3+$1$J$$(B ($B%7%^%s%F%C%/(B) $B$K$h$k$H!"(B

  • Symantec AntiVirus Corporate Edition (SAVCE) 10.0 $B$d(B Symantec Client Security (SCS) 3.0 $B$GH/@8(B
  • SAVCE 9.x $B$d(B SCS 2.x $B$G$OH/@8$7$J$$(B

$B$=$&$@!#(B

2005.07.26 $BDI5-(B:

$B!!%7%^%s%F%C%/$+$i2sHr%D!<%k$,8x3+$5$l$^$7$?(B: $BHkJ8$G0E9f2=$7$?%U%!%$%k$r3+$1$J$$(B ($B%7%^%s%F%C%/(B)$B!#(B

$B0J2<$N%3%^%s%I$r * SAVCE $B%/%i%$%"%s%H$N>l9g(B:
C:\Program Files\Symantec AntiVirus\SAVRTICFG.exe ICFG:OpenScanningMode 0
* SCS $B%/%i%$%"%s%H$N>l9g(B:
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRTICFG.exe ICFG:OpenScanningMode 0

$B!!$J$s$@$+(B SAVCE $B$d(B SCS $B$N5!G=$N0lIt$rL58z2=$7$F$$$k46$8$G$9$M!D!D!#(B SAVRTICFG.exe $B$r;H$&$H!"$b$C$H$$$m$$$m@_Dj$G$-$k$N$+$J$"!#(B

2005.08.06 $BDI5-(B:

$B!!%7%^%s%F%C%/$NJ8=q(B http://service1.symantec.com/support/INTER/entsecurityjapanesekb.nsf/jp_docid/20050712145310949?OpenDocument&dtype=corp ($B%7%^%s%F%C%/(B) $B$N%?%$%H%k$,!"!VHkJ8$G0E9f2=$7$?%U%!%$%k$r3+$1$J$$!W$+$i!V%G!<%?0E9f2=%W%m%0%i%`$G0E9f2=$7$?%U%!%$%k$r3+$1$J$$!W$KJQ2=$7$F$$$^$9!#$^$?$=$NBP>]$H$7$F!"HkJ8$K2C$($F(B

$B"#(B 2005.07.11

$B"#(B $BDI5-(B

Microsoft Security Advisory (903144): A COM Object (Javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit

$B!!(B$BF|K\8l>pJs$NK]Lu%?%$%_%s%0(B ($BF|K\$N%;%-%e%j%F%#%A!<%`$N(B Blog, 2005.07.11)$B!#(B

$BEv=i$3$N%"%I%P%$%6%j$r8x3+$9$k:]$K2sHr:v$,$$$/$D$+8x3+$5$l$?$N$G$9$,!"@HpJs$NDs6!$r$=$l$i$N%D!<%k$,$G$-$"$,$k$^$G8+9g$o$;$F$*$j$^$7$?!#(B($BCfN,(B)
$B$H$$$&$3$H$G!"$$$^$@$K>pJs$,3NDj$7$F$+$iF|K\8l2=$9$Y$-$+!">o$KF|K\8l>pJs$r%?%$%`%j!<$K=P$9$+$NH=CG$,$D$$$F$$$^$;$s!#(B

$B!!8D?ME*$K$O!V%?%$%`%j!l$J$N$G!"$J$+$J$+$`$D$+$7$$$G$9$h$M$(!#(B

CAN-2005-2096: zlib 1.2.x buffer overflow

$B!!4XO"(B:

JCE 1.2.1 $B$N>ZL@=q4|8B@Z$l$K4X$9$kCm0U4-5/(B

$B"#(B 2005.07.10

$B"#(B $BDI5-(B

Update Rollup 1 for Windows 2000 SP4 $B$r%$%s%9%H!<%k$9$k$HIT0BDj$K$J$k;vNc(B

$B!!(B904130: Windows 2000 SP4 $BBP1~$N99?7%W%m%0%i%`(B $B%m!<%k%"%C%W(B 1 (KB891861) $B$NE,MQ8e$K(B Excel $B$d(B Word $B$G%U%m%C%T!<%G%#%9%/$K%"%/%;%9$9$k$H1~Ez$rDd;_$9$k>l9g$,$"$k(B (Microsoft)$B!#$J$s$8$c$=$l!

$B"#(B 2005.07.08

$B"#(B $BDI5-(B

Microsoft Security Advisory (903144): A COM Object (Javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit

$B!!F|K\8lHG=P$?(B: $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (903144): COM $B%*%V%8%'%/%H(B (Javaprxy.dll) $B$K$h$j!"(BInternet Explorer $B$,0[>o=*N;$9$k(B (Microsoft)

HTTP Request Smuggling

$B!!(BDeleGate 8.11.5 $B$,%j%j!<%9$5$l$^$7$?!#(B DeleGate $BMxMQ

CAN-2005-2096: zlib 1.2.x buffer overflow

$B!!(BFedora Core 3 / 4, Turbolinux, VineLinux, OpenBSD $B$K$D$$$FDI5-!#(B

$B"#(B HS05-015: JCE(Java Cryptography Extension)1.2.1$B>ZL@=q$N<:8zLdBj!&(BCosminexus Web Contents Generator (Macromedia JRun 3.1)$B$NBP:v(B
($BF|N)(B, 2005.07.06)

$B!!(BJCE 1.2.1 $B$N>ZL@=q4|8B@Z$l(B $B$K$h$C$F!"(BCosminexus Web Contents Generator 01-02 ($B$=$N

$B!!BP1~$H$7$F(B Java Cryptography Extension (JCE) 1.2.2 $B$X$N%"%C%W%0%l!<%I$,;X<($5$l$F$$$k!#(B

$B"#(B JCE 1.2.1 $B$N>ZL@=q4|8B@Z$l$K4X$9$kCm0U4-5/(B
(IPA ISEC, 2005.07.08)

$B!!(BSun $B$N(B Java Cryptography Extension (JCE) $B$N(B 1.2.1 $BHG$K4^$^$l$k>ZL@=q$,(B 2005.07.28 06:43 $B$K4|8B@Z$l$K$J$kOC!D!D$H$$$&$H!"(B$B=EMW(B: PowerChute Business Edition v6.x.x $B=$@5BP1~$N$40FFb(B $B$G$9$J!#(B

$B!!BP1~$H$7$F$O(B 2 $B

  • $B$3$N7g4Y$,=$@5$5$l$?(B Java Cryptography Extension (JCE) 1.2.2 $B$K%"%C%W%0%l!<%I$9$k!#(B $B$7$+$7(B JCE 1.2.2 $B$O(B 2006 $BG/(B 3 $B7nKv$G%5%]!<%H=*N;(B (EOL) $B$J$N$@$=$&$G!"(B1 $BG/

  • $BBP1~:Q$N(B JCE $B$,I8=`$G4^$^$l$k(B J2SE 1.4.2 / 1.5.0 $B$K0\9T$9$k!#(B

2005.07.11 $BDI5-(B:

2005.07.14 $BDI5-(B:

$B!!(BJVN#93926203: Java Cryptography Extension 1.2.1$B!J(BJCE 1.2.1$B!K$N>ZL@=q$N4|8B@Z$l$G(B 2005/07/28 $B0J9_%=%U%H%&%(%"$,@5>o$KF0:n$7$J$/$J$kLdBj(B (JVN) $B$KB?$/$N>pJs$,=8@Q$5$l$F$$$^$9$N$G!"0lFI$r$*$9$9$a$7$^$9!#$^$C$A$c$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2005.07.20 $BDI5-(B:

$B!!(BIntruShield$B$G!"(BJCE 1.2.1$B$N>ZL@=q$N4|8B@Z$l$NLdBj$K$D$$$F(B ($B%^%+%U%#!<(B)$B!#(BIntruShield v1.8$B!"(Bv1.9$B!"(Bv2.1 $B$G(B JCE 1.2.1 $B$r;H$C$F$*$j!"(B JCE 1.2.2 $B$X0\9T$9$k(B patch $B$,(B 2005.07.21 $B$KDs6!$5$l$kM=Dj$@$=$&$@!#(B

2005.07.21 $BDI5-(B:

$B!!(BJCE1.2.1$B$N(BHotFix$B$K$D$$$F$N(BQA ($B%^%+%U%#!<(B)$B!#(BIntruShield $BMQ(B patch $B=P$^$7$?!#(B

2005.11.29 $BDI5-(B:

$B!!(BIBM JCE 1.2.1 $B>ZL@=qM-8z4|8B@Z$l$KH<$&(BTivoli$B@=IJ$X$N1F6A$K$D$$$F(B (Tivoli-05-064) (IBM, 2005.11.25)$B!#(B $B!V(B2006$BG/(B3$B7n:"!W$H$+!V(B2006$BG/(B6$B7n:"!W$H$+$$$&J8;zNs$,$"$C$F!"$J$+$J$+$"$l$G$9!#(B

$B"#(B Update Rollup 1 for Windows 2000 SP4 $B$r%$%s%9%H!<%k$9$k$HIT0BDj$K$J$k;vNc(B
(various)

$B!!(B891861: Windows 2000 Service Pack 4 $BBP1~$N99?7%W%m%0%i%`(B $B%m!<%k%"%C%W(B 1 (Microsoft) $B$r%$%s%9%H!<%k$9$k$H!"%V%k!<2hLL$K$J$k$J$I(B Windows 2000 $B$,IT0BDj$K$J$k;vNc$,;68+$5$l$k$h$&$G$9!#(Bskitazawa $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!$J$s$@$+(B SCSI / RAID $B$^$o$j$NIT6q9g$,B?$$5$$,!#(B

$B!!IT6q9g$,=P$?>l9g$O(B$B$3$3$K$"$k$h$&$J$B$G(B Update Rollup 1 $B$r%"%s%$%s%9%H!<%k$9$l$P$h$$$h$&$G$9!#(B $B2sI|%3%s%=!<%k$K$D$$$F$O(B KB 229716 $B$r;2>H!#(B

2005.07.10 $BDI5-(B:

$B!!(B904130: Windows 2000 SP4 $BBP1~$N99?7%W%m%0%i%`(B $B%m!<%k%"%C%W(B 1 (KB891861) $B$NE,MQ8e$K(B Excel $B$d(B Word $B$G%U%m%C%T!<%G%#%9%/$K%"%/%;%9$9$k$H1~Ez$rDd;_$9$k>l9g$,$"$k(B (Microsoft)$B!#$J$s$8$c$=$l!

2005.07.14 $BDI5-(B:

$B!!(B904392 - Windows Update $B$d(B Microsoft Update $B%5%$%H$K%"%/%;%9$9$k$H(B 0x800700C1 $B%(%i!<$,I=<($5$l$k(B (Microsoft)$B!#$$$/$D$+$N7G<(HDEy$G;vNc$,<($5$l$F$$$?!"(BUpdate Rollup 1 $B$rE,MQ$9$k$H(B msxml3.dll $B$H(B msxml3r.dll $B$,(B 0 $B%P%$%H$K$5$l$F$7$^$&OC!#$3$&$J$C$?>l9g$NBP1~$H$7$F$O!"0J2<$N$$$:$l$+$@$=$&$@!#(B

  • msxml3.dll $B$H(B msxml3r.dll $B$NL>A0$rJQ99$9$k!#(B $BJQ99$9$k$H!"(BSystem File Protection $B5!G=(B $B$,(B msxml3.dll $B$H(B msxml3r.dll $B$r:F@8@.$7$F$/$l$k$N$@$m$&!#(B Update Rollup 1 $B$G$O(B msxml3.dll $B$H(B msxml3r.dll $B$O(B System File Protection $B5!G=$NBP>]$K$J$C$F$$$k!#(B

  • XML Parser (MSXML) 3.0 SP5 $B$r8DJL$K%$%s%9%H!<%k$9$k!#(B

$B!!$A$J$_$K!"(BWindows 2000 SP4 $B%m!<%k%"%C%W(B 1$BIT6q9g>pJs(B (HotFix Report BBS) $B$K$h$k$H!"(BMSXML 3.0 SP7 $B$,%$%s%9%H!<%k$5$l$?4D6-$K(B Update Rollup 1 $B$rE,MQ$9$k$H!"(BMSXML 3.0 SP5 $B$KL[$C$F%@%&%s%0%l!<%I$5$l$F$7$^$&$3$H$,$"$k!"$HJs9p$5$l$F$$$k!#(B

2005.07.17 $BDI5-(B:

$B!!(BWindows 2000 Service Pack 4 $BBP1~$N99?7%W%m%0%i%`(B $B%m!<%k%"%C%W(B 1 $B$rE,MQ$9$k$H(B Outlook $B$+$i%Q%9%o!<%IJQ99$,=PMh$J$/$J$k(B (Microsoft)

$B$3$l$O99?7%W%m%0%i%`(B $B%m!<%k%"%C%W(B1 $B$rE,MQ$9$k$3$H$K$h$j!"(BWindows 2000 Server $B$,G'>Z$K;HMQ$9$k%"%k%4%j%:%`$,JQ99$5$l$k$?$a$G$9!#(B

2005.08.05 $BDI5-(B:

$B!!(BUpdate Rollup 1 for Windows 2000 SP4 $B$N:F%j%j!<%9$,7W2h$5$l$F$$$k$=$&$G$9!#(B KB891861: Update Rollup 1 for Windows 2000 SP4 and known issues (Microsoft) Revision:10.0 $B$h$j(B:

Known issues
After the release of Update Rollup 1 for Windows 2000 SP4, we identified several issues that may occur when you install this update rollup. These issues are isolated, and affect few customers. These issues are described in this article. This article also explains how to resolve these issues. If you are affected by these issues, we suggest that you do not install Update Rollup 1 for Windows 2000 SP4 until the corresponding hotfix is available. We plan to reissue Update Rollup 1 for Windows 2000 SP4 soon. Several hotfixes will be integrated into the new version of Update Rollup 1 for Windows 2000 SP4.

$B!!$U$D$&$N?M$O!":F%j%j!<%9HG$rBT$C$?J}$,$h$5$=$&$G$9$M!#(B

2005.09.14 $BDI5-(B:

$B!!(B891861: Update Rollup 1 for Windows 2000 SP4 and known issues (Microsoft) $B$,2~D{$5$l$F(B revision 18.0 $B$K$J$C$F$$$^$9!#(B $B:#F|!"(BUpdate Rollup 1 $B$N?7HG(B (v2) $B$,%j%j!<%9$5$l$?$h$&$G$9!#(B v1 $B$K$"$C$?LdBj$N$&$A!"

  • $B
  • MSXML3.DLL $B%U%!%$%k$,8+$D$+$j$^$;$s(B
  • $B%(%i!$B%(%i!
  • $B%(%i!<%a%C%;!<%8(B "Stop 0x000001E" $B$,I=<($5$l$k(B
  • $B%@%$%J%_%C%/%G%#%9%/$r;HMQ$9$k%3%s%T%e!<%?$K%$%s%9%H!<%k$9$k$H!"%7%9%F%`(B $B%I%i%$%V$,(B 2 $B$DI=<($5$l$k$3$H$,$"$k(B
  • Microsoft Office $B%W%m%0%i%`$+$i%U%m%C%T!<(B $B%G%#%9%/$K%U%!%$%k$rD>@\J]B8$G$-$J$$(B

$B"#(B 2005.07.07

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B HTTP Request Smuggling
(watchfire)

$B!!?7$7$$967bu67!#(B $B:Y9)$7$?!"(BKeep-Alive $B$,M-8z$J(B HTTP 1.1 $B%j%/%(%9%H$rAw$C$?>l9g$K!"Cf4V5!4o(B (cache/proxy $B%5!<%P$d%U%!%$%"%&%)!<%k(B) $B$H=*C<5!4o(B (web $B%5!<%P(B) $B$H$G$=$N2rHTTP Response Splitting $B$H$O;w$FHs$J$kOC$@$=$&$@!#(B CVE-2005-2090

$B!!$3$l$rMxMQ$9$k$H!"(Bcache/proxy $B%5!<%P$N(B cache $B1x@w!"%U%!%$%"%&%)!<%k>e$NKI1R5!9=$NL58z2=!"%;%C%7%g%s%O%$%8%c%C%/$d(B XSS $B967b$,2DG=$K$J$k$H$$$&!#(B $BCf4V5!4o$H=*C<5!4o$H$NAH$_$"$o$;$GLdBj$,H/@8$7$?$j$7$J$+$C$?$j$9$k$,!"(BApache $B$O!"(BApache $B<+?H$,Cf4V5!4o$G$J$$8B$j$O0BA4$@$H$5$l$F$$$k!#(B

$B!!O@J8Cf$G$O!"(Bsquid $B$O(B 2.5.STABLE9 $B$G(B ($B:G?7$O(B 2.5.STABLE10)$B!"(BCheckPoint FW-1 $B$O(B R55W $B$G=$@5$5$l$F$$$k$H2r@b$5$l$F$$$k!#$^$?(B DeleGate $B$K$D$$$F$O!"(B8.11.5-pre1 / 9.0.3-pre28 $B$G=$@5$5$l$F$$$k(B [DeleGate:13051]$B!#$=$NB>$NEP>l?MJ*(B -- IIS 5.0 / 6.0, ISA 2000, WebLogic 8.1 SP1, Apache 2.0.45 / 1.3.29, WebSphere 5.0 / 5.1, Oracle9iAS web server 9.0.2, SunONE web server 6.1 SP4, SunONE proxy server 3.6 SP4, Tomcat 5.0.19 / 4.1.24, $BF?L>$N(B cache $B%"%W%i%$%"%s%9(B -- $B$K$D$$$F$O>u67ITL@!#(B

2005.07.08 $BDI5-(B:

$B!!(BDeleGate 8.11.5 $B$,%j%j!<%9$5$l$^$7$?!#(B DeleGate $BMxMQ

2005.07.27 $BDI5-(B:

$B!!(B[SA14530] Apache HTTP Request Smuggling Vulnerability (secunia)$B!#(BApache 2.0.55 $B$G=$@5$5$l$kM=Dj$@$=$&$G$9!#(B

2007.04.10 $BDI5-(B:

$B!!(BTomcat$B$N%;%-%e%j%F%#%"%C%W%G!<%H$,%j%j!<%9$K(B - 4$B7O%f!<%6$O99?7$r(B ($B%^%$%3%_%8%c!<%J%k(B, 2007.04.09)$B!#(BTomcat 4.1.36 $B$G=$@5$5$l$?$=$&$G$9!#(B

$B"#(B Multiple new Net-SNMP releases to fix a security related bug
(net-snmp-announce, 2005.07.01)

$B!!(BNet-SNMP 5.x $B$K7g4Y!#(B TCP $B$N$h$&$J%9%H%j!<%`%Y!<%9%W%m%H%3%k$rMxMQ$7$F$$$k>l9g(B ($B%G%U%)%k%H$G$O;HMQ$7$J$$(B) $B$K!"(BDoS $B967b$r

2005.09.29 $BDI5-(B:

$B!!(BCVE: CAN-2005-2177

$B"#(B CAN-2005-2096: zlib 1.2.x buffer overflow
($B3F=j(B, 2005.07.06)

$B!!(B1.2.2 $B0JA0$N(B zlib 1.2.x $B$K7g4Y!#(B $B2u$l$?05=L%G!<%?%9%H%j!<%`$N07$$$K$*$$$F(B buffer overflow $B$9$k7g4Y$,$"$j!"(B $B=hM}$,Dd;_$7$?$jG$0U$N%3!<%I$r

fix / patch:

2005.07.08 $BDI5-(B:

$B!!(BFedora Core 3 / 4, Turbolinux, VineLinux, OpenBSD $B$K$D$$$FDI5-!#(B

2005.07.12 $BDI5-(B:

$B!!4XO"(B:

2005.07.12 $BDI5-(B:

$B!!(BNetBSD $B$N>u67$rDI5-!#(B

2005.07.13 $BDI5-(B:

$B!!(BTurbolinux $B$N>u67$rDI5-!#(B

$B!!(BDiscovering copies of zlib (enyo.de)$B!#(Bzlib $BMxMQ%"%W%j$r(B ClamAV $B$rMxMQ$7$F8!=P$9$kJ}K!!#(B

2005.07.23 $BDI5-(B:

$B!!$3$N7g4Y$,=$@5$5$l$?(B zlib 1.2.3 $B$,=P$F$$$^$7$?!#(B

$B"#(B 2005.07.06

$B"#(B $BDI5-(B

Microsoft Security Advisory (903144): A COM Object (Javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit

$B!!(BISS $B$,G$0U$N%3!<%I$NMicrosoft Java Virtual Machine $B$K$*$1$k%j%b!<%H$+$i$N%;%-%e%j%F%#?/32(B (ISSKK, 2005.07.06)$B!#(B $B$7$+$7!D!D(B

Buffer Overflow Exploit Prevention (BOEP) $B$r$*;H$$$N>l9g$O!"$3$NLdBj$+$iJ]8n$5$l$F$$$^$9!#$3$N5;=Q$O(B Proventia Desktop ($BF|K\9qFbL$%j%j!<%9(B)$B!"(BServer Sensor SR 4.2($BF|K\9qFbL$%j%j!<%9(B) $B$*$h$S(B 4.3 ($BF|K\9qFbL$%j%j!<%9(B) $B$KHw$o$C$F$$$^$9!#(B

$B!!(B$B%$%s%?!<%M%C%H(B $B%;%-%e%j%F%#(B $B%7%9%F%`%:!"%"%s%A%&%#%k%9%=%U%H$N(B $B%7%0%M%A%c$d%Q%?!<%s%U%!%$%k99?7$NA0$K4{CN!&L$CN$N%&%#%k%9$r(B $B6n=|$9$k (ISSKK, 2004.12.15) $B$K$h$k$H!"(BProventia Desktop $B$O(B 2005.03.01 $B$KHNGd3+;O$5$l$k$3$H$K$J$C$F$$$k$N$G$9$,!"

$B!!$^$?(B Microsoft Security Advisory (903144) $B$,2~D{$5$l!"(Bjavaprxy.dll $B$rL58z2=(B (kill bit $B$r@_Dj(B) $B$9$k%W%m%0%i%`$,G[I[$5$l$F$$$^$9!#(BWorkarounds $B$N(B Disable the Javaprxy.dll COM object from running in Internet Explorer $B$r;2>H!#?9ED$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2005.07.05

$B"#(B 2005.07.04

$B"#(B [226356] $BG$0U$N%"%W%j%1!<%7%g%s$,pJs!J(BMacintosh $BHG(B Acrobat/Adobe Reader 7.0-7.0.1$B!K(B
(Adobe, 2005.06.28)

$B!!(BMac OS $BHG(B Acrobat / Adobe Reader 7.0, 7.0.1 $B$K7g4Y!#(B PDF $B%U%!%$%k$K;E3]$1$?96N,(B JavaScript $B$K$h$C$F!"4{CN%Q%9!&%"%W%j%1!<%7%g%sL>$N%"%W%j%1!<%7%g%s$r5/F0$5$;$k$3$H$,2DG=$H$J$k!#(B

$B!!(BMac OS $BHG(B Acrobat / Adobe Reader 7.0.2 $B$G=$@5$5$l$F$$$k!#(B7.0.2 $B$X$N%"%C%W%G!<%?$,8x3+$5$l$F$$$k$N$GE,MQ$9$l$P$h$$!#(B

$B"#(B FreeBSD $B$K(B 3 $B$D$N(B SA (5 $B$D$N7g4Y(B)
(FreeBSD-Announce ML, 2005.06.30)

$B!!(BFreeBSD $B$K(B 3 $B$D$N(B SA (5 $B$D$N7g4Y(B)

$B"#(B $BDI5-(B

XML $B30It%(%s%F%#%F%#$K4X$9$k%;%-%e%j%F%#>pJs!J(BAdobe Reader/Acrobat 7.0-7.0.1$B!K(B

$B!!(BMac OS $BHG(B Acrobat 7.0.2 / Adobe Reader 7.0.2 $B%"%C%W%G!<%H$,EP>l!#(B XML $B30It%(%s%F%#%F%#$K4X$9$k%;%-%e%j%F%#>pJs!J(BAdobe Reader/Acrobat 7.0-7.0.1$B!K(B (Adobe) $B$b2~D{$5$l!"(BMac OS $BHG%"%C%W%G!<%H%U%!%$%k$X$N%j%s%/$,7G:\$5$l$F$$$k!#(B

Vocal Cancel$B$,%&%$%k%9$J7o$K$D$$$F!#(B

$B!!8EED;a$K$h$k%3!<%I$,=|5n$5$l$?(B SoftEther VPN 2.0 Beta 3.2 $B$,EP>l$7$^$7$?!#;2>H(B: SoftEther VPN 2.0 $B%W%m%0%i%`$+$i$N?.Mj$G$-$J$$%3!<%I$N=|5n$K$D$$$F(B (softether.com, 2005.07.04)$B!#$J$*!"(BBeta 3.2 $B$K$O$=$NB>$K$b$$$m$$$m$J5!G=8~>e$,$J$5$l$F$$$^$9!#(B

Vocal Cancel$B$,%&%$%k%9$J7o$K$D$$$F!#(B

$B!!(BVocal Cancel$B$,%&%$%k%9$J7o$K$D$$$F!#(B$B$,2~D{$5$l$F$$$k!#8EED;a$+$i!V%9%Q%$%&%'%"$O@5<0$J%7%j%"%k%J%s%P!pJs$O0J2<$@$=$&$@!#(B

$BMxMQ%7%j%"%k%J%s%P! $B%f!<%6!<%"%+%&%s%H$N>pJs(B(SID$BEy(B)
$B%a!<%k%"%+%&%s%H$N>pJs(B
$B%"%I%l%9D"(B
$B%@%$%d%k%"%C%W%"%+%&%s%H$N>pJs(B

$B!!(BVocal Cancel 5.05 $B$N(B README.TXT $B$K$O$3$s$J5-=R$,$"$k!#(B

$B!&IT@5;HMQ$K$D$$$F(B
$BIT@5;HMQ$K$O87$7$/BP=h$5$;$F$$$?$@$-$^$9!#(B
$B$3$NJ8=q$G$O!VIT@5;HMQ!W$H$O!"%Q%9%o!<%I$rIT@5$J $B$3$NJ8=q$G$O!VL55v2DG[I[!W$H$O!":n $BIT@5;HMQ$N$*$h$S%Q%9%o!<%I$NL55v2DG[I[$N:]$O!"8D?M>pJs$K$D$$$FD4::$5$;$F$$$?$@$/>l9g$,$4$6$$$^$9!#(B
$BIT@5;HMQ$N:]$O!"EPO?NA6b$N==G\0J2<$ND4::HqMQ$r@A5a$5$;$F$$$?$@$/>l9g$,$4$6$$$^$9!#(B
$B$^$?!"%Q%9%o!<%I$NL55v2DG[I[$N:]$K$O!":GBgB;323[$r@A5a$5$;$F$$$?$@$/>l9g$,$4$6$$$^$9!#(B
$B0-pJs$rBh;0l9g$,$4$6$$$^$9!#(B

$B!!$3$NJ8LL$@$H!"!V%"%I%l%9D"!W$N<}=8$K$D$$$F$OHO0O$r1[$($F$$$k$h$&$K;W$($k$J$"!#(B

$B"#(B $BF|N)%=%U%H(B $BHkJ8%7%j!<%:$K(B 2 $B$D$N7g4Y(B
($BF|N)%=%U%H(B, 2005.06.22)

$B!!F|N)%=%U%H$N(B$BHkJ8%7%j!<%:(B$B$K(B 2 $B$D$N7g4Y!#(B

$B!!$$$:$l$K$D$$$F$bBP:vHG$,$"$k$N$G%"%C%W%0%l!<%I$9$l$P$h$$!#(B $B$J$*HkJ8%S%e!<%"$K$D$$$F$O!VK\BP:v$G0lItHkJ8%S%e!<%"$NF0:n$,JQ99$K$J$C$F!W$$$k$=$&$J$N$GCm0U!#(B

$B!!(B $BF|N)%;%-%e%j%F%#>pJs(B$B$K$3$NOC$,$J$$$N$O!"!VF|N)%=%U%H$OJL2q ($BF|N)%;%-%e%j%F%#>pJs(B$B$K$b$A$c$s$H$"$j$^$7$?!#>.=P$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B)

$B"#(B 2005.07.03

$B"#(B Microsoft Security Advisory (903144): A COM Object (Javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit
(Microsoft, 2005.06.30)

$B!!(BInternet Explorer (IE) 5.01 SP[34] / 5.5 SP2 / 6 SP[12] $B$K1F6A$9$k7g4Y!#(B IE $B$K$*$$$F!"(BMicrosoft Java VM $B$K4^$^$l$k(B javaprxy.dll COM $B%*%V%8%'%/%H$N%$%s%9%?%s%9$r:n@.$9$k$3$H$K$h$j!"%a%b%jGK2u$,H/@8!#(B $B$3$l$rMxMQ$9$k$H!"96N,(B web $B%Z!<%8$d(B HTML $B%a!<%k$+$iG$0U$N%3!<%I$r

$B!!=$@5%W%m%0%i%`$O$^$@$J$$!#2sHr$9$k$K$O!"4IM}$r;XDj$7$Fregsvr32 /u javaprxy.dll $B$r\:Y$O(B Microsoft Security Advisory (903144) $B$r;2>H!#(B

$B!!$9$G$K(B exploit $B$,8x3+$5$l$F$*$j!"$9$3$V$k4m81!#:#$9$0BP1~$5$l$?$$!#4XO"(B:

$B!!(BSEC-CONSULT SA-20050629-0 $B$K$O$3$s$J5-=R$b(B:

on the contrary, we found that at least 20 of the objects available on an average XP system either lead to an instant crash or an exception after a few reloads.

$B!!LdBj$N%H%j%,$O(B javaprxy.dll $B$K;_$^$i$J$$2DG=@-$,$"$k!#(B

2005.07.06 $BDI5-(B:

$B!!(BISS $B$,G$0U$N%3!<%I$NMicrosoft Java Virtual Machine $B$K$*$1$k%j%b!<%H$+$i$N%;%-%e%j%F%#?/32(B (ISSKK, 2005.07.06)$B!#(B $B$7$+$7!D!D(B

Buffer Overflow Exploit Prevention (BOEP) $B$r$*;H$$$N>l9g$O!"$3$NLdBj$+$iJ]8n$5$l$F$$$^$9!#$3$N5;=Q$O(B Proventia Desktop ($BF|K\9qFbL$%j%j!<%9(B)$B!"(BServer Sensor SR 4.2($BF|K\9qFbL$%j%j!<%9(B) $B$*$h$S(B 4.3 ($BF|K\9qFbL$%j%j!<%9(B) $B$KHw$o$C$F$$$^$9!#(B

$B!!(B$B%$%s%?!<%M%C%H(B $B%;%-%e%j%F%#(B $B%7%9%F%`%:!"%"%s%A%&%#%k%9%=%U%H$N(B $B%7%0%M%A%c$d%Q%?!<%s%U%!%$%k99?7$NA0$K4{CN!&L$CN$N%&%#%k%9$r(B $B6n=|$9$k (ISSKK, 2004.12.15) $B$K$h$k$H!"(BProventia Desktop $B$O(B 2005.03.01 $B$KHNGd3+;O$5$l$k$3$H$K$J$C$F$$$k$N$G$9$,!"

$B!!$^$?(B Microsoft Security Advisory (903144) $B$,2~D{$5$l!"(Bjavaprxy.dll $B$rL58z2=(B (kill bit $B$r@_Dj(B) $B$9$k%W%m%0%i%`$,G[I[$5$l$F$$$^$9!#(BWorkarounds $B$N(B Disable the Javaprxy.dll COM object from running in Internet Explorer $B$r;2>H!#?9ED$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2005.07.08 $BDI5-(B:

$B!!F|K\8lHG=P$?(B: $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (903144): COM $B%*%V%8%'%/%H(B (Javaprxy.dll) $B$K$h$j!"(BInternet Explorer $B$,0[>o=*N;$9$k(B (Microsoft)

2005.07.12 $BDI5-(B:

$B!!(B$BF|K\8l>pJs$NK]Lu%?%$%_%s%0(B ($BF|K\$N%;%-%e%j%F%#%A!<%`$N(B Blog, 2005.07.11)$B!#(B

$BEv=i$3$N%"%I%P%$%6%j$r8x3+$9$k:]$K2sHr:v$,$$$/$D$+8x3+$5$l$?$N$G$9$,!"@HpJs$NDs6!$r$=$l$i$N%D!<%k$,$G$-$"$,$k$^$G8+9g$o$;$F$*$j$^$7$?!#(B($BCfN,(B)
$B$H$$$&$3$H$G!"$$$^$@$K>pJs$,3NDj$7$F$+$iF|K\8l2=$9$Y$-$+!">o$KF|K\8l>pJs$r%?%$%`%j!<$K=P$9$+$NH=CG$,$D$$$F$$$^$;$s!#(B

$B!!8D?ME*$K$O!V%?%$%`%j!l$J$N$G!"$J$+$J$+$`$D$+$7$$$G$9$h$M$(!#(B

2005.07.12 $BDI5-(B:

$B!!(BJView $B%W%m%U%!%$%i$N@H $B=P$^$7$?!#=$@5FbMF$O!"(BAdvisory $B$G<($5$l$F$$$?$N$HF1$8!"(BView $B%W%m%U%!%$%i(B (Javaprxy.dll) COM $B%*%V%8%'%/%H(B (CID: 03D9F3F2-B0E3-11D2-B081-006008039BF0) $B$KBP$9$k(B Kill Bit $B$N@_Dj!#(B

2005.08.12 $BDI5-(B:

$B!!(BInternet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (896727) (MS05-038) $B$N!V(BCOM $B%*%V%8%'%/%H$N%$%s%9%?%s%92=$N%a%b%jGKB;$N@HCAN-2005-1990$B!W(B $B$G!"B>$NLdBj4^$_$N(B .dll $B$K$D$$$F$bBP1~$5$l$?$h$&$G$9!#(B

$B!!96N,%W%m%0%i%`(B ($B40A4HG(B): http://www.frsirt.com/exploits/20050809.MS05-038.pl.php

$B"#(B Vocal Cancel$B$,%&%$%k%9$J7o$K$D$$$F!#(B
(lazy_dog $B;a(B)

$B!!(B$B8EEDBYBg;a(B$B:n$N%7%'%"%&%'%"(B Vocal Cancel ($B$G$NG[I[$OCf;_$5$l$F$$$k$,(B http://hp.vector.co.jp/authors/VA013315/SOFTWARE.HTM $B$+$iF~TROJ_HIROFU.A $B$H$7$F8!=P$9$k$H$$$&!#(B

$B!!8EED;a$,(B SoftEther $B$K$b4X78(B$B$7$F$$$k4X78$G$+!"(B SoftEther VPN 2.0 $B$N%5%]!<%H$*$h$S%P%0Js9p$K$D$$$F(B (softether.com) $B$K$O$3$s$J5-=R$,(B:

Yasuhiro Furuta $BLdBj$K$D$$$F(B

$B$$$o$f$k(B Yasuhiro Furuta $BLdBj$K$D$-$^$7$F$O!"%=%U%H%$!<%53t<02q

$B!!!D!DD4::7k2LB.Js=P$^$7$?(B: SoftEther VPN 2.0 $B%Y!<%?HG%W%m%0%i%`$N0BA4@-$K$D$$$F(B($BB.Js(B) (softether.com, 2005.07.03)$B!#(BSoftEther $B$KAH$_9~$^$l$?%3!<%I$KLdBj$O$J$$$b$N$N!":#8e$b$=$N%3!<%I$r;H$$B3$1$k$+$I$&$+$K$D$$$F$O8!F$Cf$@$=$&$G$9!#(B

2005.07.04 $BDI5-(B:

$B!!(BVocal Cancel$B$,%&%$%k%9$J7o$K$D$$$F!#(B$B$,2~D{$5$l$F$$$k!#8EED;a$+$i!V%9%Q%$%&%'%"$O@5<0$J%7%j%"%k%J%s%P!pJs$O0J2<$@$=$&$@!#(B

$BMxMQ%7%j%"%k%J%s%P! $B%f!<%6!<%"%+%&%s%H$N>pJs(B(SID$BEy(B)
$B%a!<%k%"%+%&%s%H$N>pJs(B
$B%"%I%l%9D"(B
$B%@%$%d%k%"%C%W%"%+%&%s%H$N>pJs(B

$B!!(BVocal Cancel 5.05 $B$N(B README.TXT $B$K$O$3$s$J5-=R$,$"$k!#(B

$B!&IT@5;HMQ$K$D$$$F(B
$BIT@5;HMQ$K$O87$7$/BP=h$5$;$F$$$?$@$-$^$9!#(B
$B$3$NJ8=q$G$O!VIT@5;HMQ!W$H$O!"%Q%9%o!<%I$rIT@5$J $B$3$NJ8=q$G$O!VL55v2DG[I[!W$H$O!":n $BIT@5;HMQ$N$*$h$S%Q%9%o!<%I$NL55v2DG[I[$N:]$O!"8D?M>pJs$K$D$$$FD4::$5$;$F$$$?$@$/>l9g$,$4$6$$$^$9!#(B
$BIT@5;HMQ$N:]$O!"EPO?NA6b$N==G\0J2<$ND4::HqMQ$r@A5a$5$;$F$$$?$@$/>l9g$,$4$6$$$^$9!#(B
$B$^$?!"%Q%9%o!<%I$NL55v2DG[I[$N:]$K$O!":GBgB;323[$r@A5a$5$;$F$$$?$@$/>l9g$,$4$6$$$^$9!#(B
$B0-pJs$rBh;0l9g$,$4$6$$$^$9!#(B

$B!!$3$NJ8LL$@$H!"!V%"%I%l%9D"!W$N<}=8$K$D$$$F$OHO0O$r1[$($F$$$k$h$&$K;W$($k$J$"!#(B

2005.07.04 $BDI5-(B ($B$=$N(B 2):

$B!!8EED;a$K$h$k%3!<%I$,=|5n$5$l$?(B SoftEther VPN 2.0 Beta 3.2 $B$,EP>l$7$^$7$?!#;2>H(B: SoftEther VPN 2.0 $B%W%m%0%i%`$+$i$N?.Mj$G$-$J$$%3!<%I$N=|5n$K$D$$$F(B (softether.com, 2005.07.04)$B!#$J$*!"(BBeta 3.2 $B$K$O$=$NB>$K$b$$$m$$$m$J5!G=8~>e$,$J$5$l$F$$$^$9!#(B

$B"#(B 2005.07.01

$B"#(B Backup Exec for Windows Servers $B$*$h$S(B Backup Exec for NetWare Servers $B$N%;%-%e%j%F%#4+9p$K$D$$$F(B
(veritas.com, 2005.06.22)

$B!!(BVERITAS Backup Exec for NetWare 9.0, 9.1 / Backup Exec for Windows Servers 10.0, 9.0, 9.1 $B$K7g4Y$$$C$Q$$$JOC!#(B

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!$3$N7g4Y$r%9%-%c%s$9$kF0$-$,$"$kLOMM(B:

$B!!(BBackup Exec $B$,30$+$i$^$k$_$($H$$$&%5%$%H$OB?$/$O$J$$$H;W$&$1$I!D!D!#(B

$B"#(B Advisory 02/2005: Remote code execution in Serendipity
(bugtraq, 2005.06.30)

$B!!(BSerendipity 0.8.2 $B0JA0$K7g4Y!#(BSerendipity $B$,MxMQ$7$F$$$k(B PEAR XMLRPC $B$K$b(B XML-RPC for PHP $B$HF1MM$N7g4Y(B$B$,$"$j!"(Bremote $B$+$i$N%3!<%ICAN-2005-1921

$B!!(BPEAR XMLRPC 1.3.1 $B$G=$@5$5$l$F$$$kLOMM!#(B

$B"#(B [SA15852] XML-RPC for PHP Unspecified PHP Code Execution Vulnerability
(secunia, 2005.06.29)

$B!!(BXML-RPC for PHP 1.1.0 $B0JA0$K7g4Y!#(Bremote $B$+$i$N%3!<%I$N

2005.11.06 $BDI5-(B:

$B!!(BCVE: CAN-2005-1921

$B"#(B $B%3%s%F%s%D4IM}%7%9%F%`!V(BXOOPS$B!W$K%;%-%e%j%F%#!&%[!<%k!$(BSQL$B%$%s%8%'%/%7%g%s$J$I$r5v$9(B
($BF|7P(B IT Pro, 2005.06.30)

$B!!9-$/MxMQ$5$l$F$$$k%3%s%F%s%D4IM}%7%9%F%`(B XOOPS 2.0.11 $B0JA0$K!"(BXSS $B$d(B SQL $B%$%s%8%'%/%7%g%s$,2DG=$H$J$k7g4Y$,$"$k$=$&$@!#(B $B>\:Y(B: XOOPS 2.0.11 & Earlier Multiple Vulnerabilities (gulftech.org)

$B!!BP1~$O0J2<$N$H$*$j(B:

$B"#(B phpBB 2.0.16 released
(phpBB, 2005.06.27)

$B!!(BphpBB 2.0.15 $B0JA0$K?7$?$J7g4Y$,H/8+$5$l!"(B2.0.16 $B$G=$@5$5$l$?$=$&$G$9!#(Bstr_replace('\\', '\\\\', $highlight_match) $B$,(B str_replace('\\', '\\\\', addslashes($highlight_match)) $B$K$J$C$?$_$?$$!#(B

$B!!4XO"(B: Lucrezia$B$N%W%m%0%i%`%A%'%C%/(B phpBB$BJT(B (Lucrezia Borgia $B$N(B Room Cantarella, 2005.06.29)

$B"#(B $BDI5-(B

$B>CKI>J$N%I%a%$%s(B FDMA.GO.JP $B$KB8:_$7$?4m81@-(B(revised)
[$B%;%-%e%j%F%#%[!<%k(B memo]
$B;d$K$D$$$F(B