Security Hole memo - 2006.03

Last modified: Wed May 10 14:03:09 2006 +0900 (JST)


　Before using the information on this page, please read the notice.


■ 2006.03.31


■ 2006.03.30

■ Addendum

KB912945: Internet Explorer ActiveX update

　Microsoft Security Advisory (912945): Non-Security Update for Internet Explorer (Microsoft) has been updated.

  • The cumulative update for IE due in 2006.04 will also include the contents of 912945.

  • Alongside the cumulative update for IE due in 2006.04, "a Compatibility Update (an update for maintaining compatibility) is scheduled for release".

  • The Compatibility Update …

Alert regarding DDoS attacks using recursive DNS queries

　Response to the alert regarding DDoS attacks using recursive DNS queries (JPCERT-AT-2006-0004) (vwnet.jp). Windows Server 2003 users would apparently do well to read it.

■ Various
(various)


■ 2006.03.29

■ Addendum

[SA18680] Microsoft Internet Explorer "createTextRange()" Code Execution

■ Alert regarding DDoS attacks using recursive DNS queries
(JPCERT/CC, 2006.03.29)

　This is about DNS amplification. That said, it is not about "preventing DDoS attacks" but about "what to do so that you are not used in DDoS attacks (do not become a stepping stone)". For the concrete steps, see Countermeasures against DDoS attacks using recursive DNS queries (JPRS). Related:

　As the alert also notes, a document titled DNS Amplification Attacks was recently published on DNS amplification. (I have not managed to read it yet... (T_T))

Addendum 2006.03.30:

　Response to the alert regarding DDoS attacks using recursive DNS queries (JPCERT-AT-2006-0004) (vwnet.jp). Windows Server 2003 users would apparently do well to read it.


■ 2006.03.28

■ Unpatched vulnerability in IE …
(Internet Watch, 2006.03.27)

　This time it is .HTA, apparently.

　And once again, IE 7 beta 2 is reportedly not affected.

■ Addendum

[SA18680] Microsoft Internet Explorer "createTextRange()" Code Execution

　It appears to have entered the in-the-wild stage.

　Anti-virus vendor responses:

　IDS / IPS vendor responses:


■ 2006.03.27

■ Lurking in Google ads: malware distribution …
(Semplice, 2006.03.22)

■ Already-fixed web application vulnerability …
(Happa Nikki, 2006.03.24)

　A list of the "representative ones" among the website flaws that Happa-san reported to IPA, some of which were fixed and some not. There really are all sorts.


■ 2006.03.25


■ 2006.03.24

■ RealNetworks, Inc., security vulnerability …
(RealNetworks, 2006.03.22)

　Four issues affect the following RealNetworks products:

  • Real Player 8 to 10.5 / RealOne Player v[12] / RealPlayer Enterprise / Rhapsody 3 for Windows
  • RealOne Player / RealPlayer 10 for Mac
  • Helix Player / RealPlayer 10 for Linux

　Some products are affected by only some of the issues.

  • RealPlayer Enterprise: issues 2 and 4 only
  • Rhapsody 3: issue 2 only
  • RealOne Player / RealPlayer 10 for Mac: issues 2 and 3 only
  • Helix Player / RealPlayer 10 for Linux (10.0.0 to 10.0.5): issues 2 and 3 only
  • Helix Player / RealPlayer 10 for Linux (10.0.6): issue 2 only

　…

  • Rhapsody 2
  • Nokia Series60 mobile phones … RealPlayer / RealOne Player for Palm OS

　Fixed in the following versions.

  • RealPlayer 10.5 for Windows (6.0.12.1483), Rhapsody 3 (build 1.0.270)
  • RealPlayer 10 for Mac (10.0.0.352)
  • RealPlayer 10 for Linux (10.0.7), Helix Player (10.0.7)

　Related: [Full-disclosure] iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability. CVE: CAN-2005-2922

■ Addendum

[SA18680] Microsoft Internet Explorer "createTextRange()" Code Execution

　A Microsoft Security Advisory has been issued:

　MSSA 917077 explicitly states:

Note: For customers using the Microsoft Internet Explorer 7 Beta 2 Preview released on March 20, 2006, the impact of this publicly disclosed report …

so I have corrected yesterday's entry accordingly.

　This flaw … the SANS ISC Infocon has gone to Yellow.

　Related information:


■ 2006.03.23

■ Various
(various)

■ Addendum

APSB06-03 Flash Player Update to Address Security Vulnerabilities

　On the problem of it not working for limited users, an interim workaround has been published:

　Apparently it is enough to grant everyone: read on the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\.

■ [SA18680] Microsoft Internet Explorer "createTextRange()" Code Execution
(secunia, 2006.03.23)

　Flaw in IE 6.0 (6.0 SP2) on Windows XP SP2. There is a flaw in the handling of the createTextRange() method, and through an exploit web page arbitrary code …

　There is no patch yet. The issue can be avoided by disabling JavaScript.

　PoC code that results in a DoS: IE crash

　Related:

Addendum 2006.03.24:

　A Microsoft Security Advisory has been issued:

　MSSA 917077 explicitly states:

Note: For customers using the Microsoft Internet Explorer 7 Beta 2 Preview released on March 20, 2006, the impact of this publicly disclosed report …

so I have corrected yesterday's entry accordingly.

　This flaw … the SANS ISC Infocon has gone to Yellow.

　Related information:

Addendum 2006.03.28:

　It appears to have entered the in-the-wild stage.

　Anti-virus vendor responses:

　IDS / IPS vendor responses:

Addendum 2006.03.29:

■ libcurl TFTP Packet Buffer Overflow Vulnerability
(Project cURL, 2006.03.20)

　Flaw in curl and libcurl 7.15.2 and earlier. Specifying a very long tftp:// URL causes a heap overflow. CVE: CVE-2006-1061

　Fixed in curl and libcurl 7.15.3 and later. A patch is also available.

fix / patch:

■ [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
(X.Org, 2006.03.20)

　Flaw in the following X.Org releases:

  • xorg-server 1.0.0 and 1.0.1, included in X11R7.0
  • X11R6.9.0

There is a flaw in the handling of the -modulepath option, and a local user … root privileges … CVE-2006-0745

　Patches are available for X11R6.9.0 and for xorg-server 1.0.0 / 1.0.1 in X11R7.0. It is also fixed in xorg-server 1.0.2.

fix / patch:

■ JVNVU#834865: sendmail signal handling vulnerability …
(JVN, 2006.03.23)

　sendmail 8.13.5 and earlier have a flaw in the handling of asynchronous signals that gives rise to a race condition, and from a remote host arbitrary code … commercial versions also have the same flaw, but the Windows version does not. Note that this … must connect directly.

　Fixed in sendmail 8.13.6; patches for 8.13.5 and 8.12.11 are also available. Fixed versions are also available for the commercial sendmail for UNIX / Linux.

fix / patch:


■ 2006.03.22

■ Addendum

On the Scan32 error with virus definition (DAT) file 4719

　On application errors with virus definition (DAT) file 4720 and later (McAfee, 3/20)

We have confirmed that the cause of the application errors with virus definition (DAT) file 4720 and later is a latent problem in which an application error occasionally occurs when a file containing a particular character pattern is expanded in memory.

We plan to keep adding character patterns that may cause application errors to future virus definition (DAT) files as well, but as a fundamental solution, a fix to the scan engine is required rather than a fix in the virus definition (DAT) files.

This fix will be included in scan engine 5000, scheduled for future release; if you need it sooner, please contact technical support.

　What on earth...?


■ 2006.03.20


■ 2006.03.19


■ 2006.03.18

■ Various
(various)

■ Addendum

On the false detection of the W95/CTX virus with virus definition (DAT) file 4715

　A written response regarding the DAT4715 W95/CTX false positive (McAfee, 3/16) has been published.

Q: Why did this false positive spread so widely? Do you not test DATs?

A: Both the fact that it did not surface in verification testing and the fact that it caused false-positive incidents for users were due to a flaw in the very complex logic of the relevant signature in DAT4715.

Background:
　A new W95/CTX variant … Accordingly, the signature in question was created to be applied in a limited way, only to desktop products where there is little concern about performance and only during on-demand scans, and testing …
The logic in this limited-application signature had a flaw that caused it to go ahead with identifying and repairing the virus partway through the detection process.

　In addition, this flaw avoided surfacing in all of the subsequent tests and slipped through testing.

　In other words, McAfee was not testing on-demand scanning at all?

Our … made use of every tool in order to distribute … information quickly, but regarding this false positive, we will notify you right away.

　If they "made use of every tool", then for example "McAfee …

"RFID tags may also be infected by viruses," Dutch research …

　"Virus infection via IC tags is highly unlikely," IC tag industry rebuts (Nikkei IT Pro, 2006.03.17). I get the feeling that the people doing the "rebutting" have not properly understood what is actually being pointed out. Below … "Rieback" is the paper's author …

　In response, Ashton … that there is a problem with this research drawing comparisons with PC systems …

　Does this person not realize that systems with "stupid holes" are hardly rare?

　According to Rieback, the purpose of this research … commercial middleware vendors and application development …

　I think that is exactly right. By pointing out the danger, the research is urging people not to build systems with "stupid holes".

　Incidentally, the published paper Is Your Cat Infected with a Computer Virus? reportedly won the Best Paper Award at IEEE PerCom 2006.

Mac OS X security patch, dangerous vulnerability in Safari and others …

　A Security Update 2006-002 v1.1 is already out.

　What differs between v1.0 and v1.1? I am not sure, but one of the differences seems to be on the Safari side.

■ New IE 0-Day Exploit in Wild
(SANS ISC, 2006.03.17)

　It appears to be about this matter.

　SANS ISC says

Both McAfee and Symantec have released signatures to detect this exploit.

but Exploit-ScriptAction (McAfee), which is presumably the one, is listed as scheduled to be covered in DAT4722. I could not find it on Symantec's page. For Trend Micro, HTML_SCRIPTACT.A looks like the one? It is reportedly covered in 3.270.08 (CPR).


■ 2006.03.17

■ On the Scan32 error with virus definition (DAT) file 4719
(McAfee, 2006.03.16)

　Following DAT4715, DAT4719 brings yet another defect that occurs only in on-demand scanning. The VSE 8.0i on-demand scan terminates abnormally on the Java Runtime Environment (JRE). It is reportedly fixed in DAT4720, but what kind of testing does McAfee actually do before releasing a DAT? After all, this comes right on the heels of the last one...

Addendum 2006.03.22:

　On application errors with virus definition (DAT) file 4720 and later (McAfee, 3/20)

We have confirmed that the cause of the application errors with virus definition (DAT) file 4720 and later is a latent problem in which an application error occasionally occurs when a file containing a particular character pattern is expanded in memory.

We plan to keep adding character patterns that may cause application errors to future virus definition (DAT) files as well, but as a fundamental solution, a fix to the scan engine is required rather than a fix in the virus definition (DAT) files.

This fix will be included in scan engine 5000, scheduled for future release; if you need it sooner, please contact technical support.

　What on earth...?

■ Addendum


■ 2006.03.16

■ "RFID tags may also be infected by viruses," Dutch research …
(Nikkei IT Pro, 2006.03.16)

　I take it the point is that if there is a flaw in how RFID data is processed, it is possible to create an RFID tag carrying exploit data that targets that flaw. Exploits can be built with .jpg and .wmf files, so presumably they can be built with RFID too. What is more, unlike .jpg or .wmf, RFID data is handled in conjunction with databases, so

RFID tags … the vulnerabilities of middleware and back-end databases …

there is the possibility of things like SQL injection via RFID data. It looks seriously dangerous unless care is taken.

　Source: RFID Viruses and Worms (rfidvirus.org). Related: F-Secure Anti-Virus for Cats (F-Secure blog)
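
An added illustration of the point above (not code from the paper or from this page): data read from a tag reaching a back-end query, once pasted into the SQL text and once bound as a parameter behind a format check. The table, the function names and the 16-hex-digit ID format are assumptions made for the example, and the sample reads are constructed.

```python
import re
import sqlite3

# Assumption for this example: a valid tag ID is exactly 16 uppercase hex characters.
TAG_ID_RE = re.compile(r"[0-9A-F]{16}")

# Constructed sample reads: one well-formed ID, and one tag whose stored
# data carries SQL syntax instead of an ID.
GOOD_TAG = "00A1B2C3D4E5F607"
HOSTILE_TAG = "x' OR '1'='1"


def make_db():
    """Build the (hypothetical) back-end table that the middleware queries."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE animals (tag_id TEXT PRIMARY KEY, owner TEXT)")
    db.executemany(
        "INSERT INTO animals VALUES (?, ?)",
        [(GOOD_TAG, "alice"), ("00A1B2C3D4E5F608", "bob")],
    )
    return db


def lookup_concatenated(db, tag_data):
    """Weak form: the tag contents become part of the SQL text."""
    query = "SELECT owner FROM animals WHERE tag_id = '%s'" % tag_data
    return sorted(row[0] for row in db.execute(query))


def lookup_bound(db, tag_data):
    """Hardened form: the tag contents are bound as a value, never parsed as SQL."""
    rows = db.execute("SELECT owner FROM animals WHERE tag_id = ?", (tag_data,))
    return sorted(row[0] for row in rows)


def lookup_validated(db, tag_data):
    """Hardened form plus a format check: reject reads that are not an ID at all."""
    if not TAG_ID_RE.fullmatch(tag_data):
        raise ValueError("tag data is not a well-formed ID: %r" % tag_data)
    return lookup_bound(db, tag_data)


if __name__ == "__main__":
    db = make_db()
    print("concatenated, good tag:   ", lookup_concatenated(db, GOOD_TAG))
    print("concatenated, hostile tag:", lookup_concatenated(db, HOSTILE_TAG))
    print("bound, hostile tag:       ", lookup_bound(db, HOSTILE_TAG))
    try:
        lookup_validated(db, HOSTILE_TAG)
    except ValueError as exc:
        print("validated, hostile tag:    rejected:", exc)
```

With the concatenated query the hostile read matches every row; with the bound parameter it matches none, and the format check turns it into an error the middleware can log.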

Addendum 2006.03.18:

　"Virus infection via IC tags is highly unlikely," IC tag industry rebuts (Nikkei IT Pro, 2006.03.17). I get the feeling that the people doing the "rebutting" have not properly understood what is actually being pointed out. Below … "Rieback" is the paper's author …

　In response, Ashton … that there is a problem with this research drawing comparisons with PC systems …

　Does this person not realize that systems with "stupid holes" are hardly rare?

　According to Rieback, the purpose of this research … commercial middleware vendors and application development …

　I think that is exactly right. By pointing out the danger, the research is urging people not to build systems with "stupid holes".

　Incidentally, the published paper Is Your Cat Infected with a Computer Virus? reportedly won the Best Paper Award for Most Impact at IEEE PerCom 2006.

Addendum 2006.04.03:

　From Sakiyama-san (thank you for the information; sorry for being slow to post it):

According to what Frank Stajano writes on the Cambridge University CSG blog
http://www.lightbluetouchpaper.org/2006/03/16/cat-with-computer-virus/

what it won was "best paper for high impact" (on the RFID Virus page, "the Best Paper Award for Most Impact"), an award created on the spot in view of the response to this paper, whereas the "Mark Weiser award", which corresponds to the Best Paper award that PerCom had planned in advance, was given to a different paper. That seems to be how it went.

　I have corrected the entry in line with the above. _o_

■ Microsoft patch information, March 2006
(Sumisho Computer Systems / eEye, 2006.03.15)

　eEye's commentary on the Microsoft 2006.03 patches (MS06-011, MS06-012). Thanks to Takahashi-san for the information.


■ 2006.03.15

■ APSB06-03 Flash Player Update to Address Security Vulnerabilities
(Adobe, 2006.03.15)

　Serious flaws were found in Adobe (Macromedia) Flash Player 8.0.22.0 and earlier, Shockwave Player and others, and appear to have been fixed in the latest versions. CVE: CVE-2006-0024. Thanks to Fukuda-san for the information. Quoted from APSB06-03:

Affected Software | Recommended Player Update | Availability
Flash Player 8.0.22.0 and earlier | 8.0.24.0 or 7.0.63.0 | Player Download Center
Flash Player 8.0.22.0 and earlier - network distribution | 8.0.24.0 or 7.0.63.0 | Player Licensing
Flash Professional 8, Flash Basic | 8.0.24.0 | Flash Player 8 Update for Flash Basic 8 and Flash Professional 8
Flash MX 2004 | 7.0.63.0 | Flash Player 7 Update for Flash MX 2004 and Flash MX Professional 2004
Flex 1.5 | 8.0.24.0 | Flash Debug Player Updater
Breeze Meeting Add-In | 7.0.55.331 (Win), 7.0.55.118 (Mac) | Breeze Downloads Page
Shockwave Player | 10.1.1 | Shockwave Player Download Center

　Going to the network distribution version page and … a license … handy in cases such as …

　Related:

Addendum 2006.03.17:

　After upgrading to the new version, it apparently stops working properly in the Windows limited user + Internet Explorer situation.

Addendum 2006.03.23:

　On the problem of it not working for limited users, an interim workaround has been published:

　Apparently it is enough to grant everyone: read on the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\.

Addendum 2006.05.10:

　The Japanese-language advisory is out: APSB06-03 Flash Player vulnerability … (adobe)

　The Flash Player that was bundled with IE is addressed by Vulnerability in Macromedia Flash Player from Adobe ….


■ 2006.03.14

■ Mac OS X security patch, dangerous vulnerability in Safari and others …
(Internet Watch, 2006.03.14)

　One only just came out, and here is another.

　The previous one (Security Update 2006-001) reportedly had several defects, and those are fixed too.

This update also addresses the following non-security issues that were discovered with the introduction of "Security Update 2006-001".
  • Download validation: With "Security Update 2006-001", a warning could be shown to the user for certain safe file types such as Word documents and for folders containing custom icons. This update removes such unnecessary warnings.
  • apache_mod_php: This update fixes an issue where a change included in PHP 4.4.1 caused SquirrelMail to stop functioning.
  • rsync: This update fixes an issue where a change included in rsync caused the "--delete" command-line option to stop functioning.

　Related:

Addendum 2006.03.18:

　A Security Update 2006-002 v1.1 is already out.

　What differs between v1.0 and v1.1? I am not sure, but one of the differences seems to be on the Safari side.


■ 2006.03.13

■ "Take strict care with recycled magnetic tape," Fuji…
(Nikkei IT Pro, 2006.03.13)

To completely erase the data on used cartridges, a "degaussing" process that uses a strong magnetic field to erase the data in bulk is generally performed. This is effective for early DLTtape and the like, but for newer tape cartridges such as LTO and 3592, a "security erase" of the data on the entire cartridge, that is, a complete overwrite taking several hours, is required. However, "because it is not worth the cost, it is not done at all" (the same …

　Oh, is that so... I did not know that.

■ [Namazu-users-ja 706] Japanese full-text search system Namazu 2.0.16 released
(namazu.org, 2006.03.12)

　A directory traversal issue exists in namazu.cgi of namazu 2.0.15 and earlier and in pnamazu of 2002.11.16 and earlier, and files on the web server could be stolen …

■ On the false detection of the W95/CTX virus with virus definition (DAT) file 4715
(McAfee, 2006.03.12)

　DAT4715 apparently misdetects legitimate files as W95/CTX. It is fixed in DAT4716. Thanks to Cynos-san for the information.

The PC was running between 3:30 a.m. and 9:00 a.m. on March 11, 2006, and during that time an automatic update to DAT4715 or … in that case, no false positive occurs.)

　It reportedly occurs only with on-demand scanning (not with on-access scanning). On-demand scans on a schedule … From W95/CTX:

-- Updated March 10, 2006, 18:50 (Pacific Daylight Time) --

- The following files are known to trigger the false detection. (Please check the detection requirements listed below.)

The following list is not exhaustive, …

File Name | Description
usersid.exe | Windows XP file
imjpinst.exe | Windows XP file
ecenter.exe | Dell file
ntfstype.exe | Utility
adobeupdatemanager.exe | Adobe Update Manager
gtb2k1033.exe | Google Toolbar Installer
43gcjvgahnu44.ths | Macromedia Flash Player 7.0 r19
excel.exe | Microsoft Excel
graph.exe | Microsoft Excel

　excel.exe ... that is far too bad orz. … orz

　A list of the misdetected files has been published. … were getting caught, as it turned out.

　Related: McAfee … (McAfee). A recovery tool for cases where files were moved to the quarantine directory has been published. However, this recovery tool does not seem to restore ACLs properly (or rather, it seems the state before the move to the quarantine directory is not saved anywhere...).

　Now, McAfee had published a document titled On the system for providing update files for anti-virus products - products for corporate users and products for individual users -, so which step of the process was rotten for things to have turned out like this, I wonder.

　Related: McAfee … (Nikkei BP, 2006.03.12)

Addendum 2006.03.18:

　A written response regarding the DAT4715 W95/CTX false positive (McAfee, 3/16) has been published.

Q: Why did this false positive spread so widely? Do you not test DATs?

A: Both the fact that it did not surface in verification testing and the fact that it caused false-positive incidents for users were due to a flaw in the very complex logic of the relevant signature in DAT4715.

Background:
　A new W95/CTX variant … Accordingly, the signature in question was created to be applied in a limited way, only to desktop products where there is little concern about performance and only during on-demand scans, and testing …
The logic in this limited-application signature had a flaw that caused it to go ahead with identifying and repairing the virus partway through the detection process.

　In addition, this flaw avoided surfacing in all of the subsequent tests and slipped through testing.

　In other words, McAfee was not testing on-demand scanning at all?

Our … made use of every tool in order to distribute … information quickly, but regarding this false positive, we will notify you right away.

　If they "made use of every tool", then for example "McAfee …

■ Various
(various)


■ 2006.03.10

■ Microsoft Security Bulletin Advance Notification
(Microsoft, 2006.03.10)

  • Office x 1 (Critical)
  • Windows x 1 (Important)
  • Update to the Malicious Software Removal Tool
  • On Microsoft Update / Windows Server Update Services: high-priority non-security update x 1

　Related: Planned releases for March (Japan Security Team's Blog, 2006.03.10)

This month there are fewer items than in February, but for updates to Office products, depending on the version, MBSA alone may not be able to detect them, and in some cases the Enterprise Scan Tool (EST) must be used. Care is needed with deployment and scanning.

■ 2006.03.09


■ 2006.03.08

■ Addendum


■ 2006.03.07

■ Various
(various)


■ 2006.03.06

■ Defect in the Japanese and other versions of "Opera 8.52 for Windows"; "8.53" recommended
(Internet Watch, 2006.03.06)

In some language versions of "Opera 8.52 for Windows", released in February, the Macromedia Flash vulnerability … is recommended. Fifteen language versions, including Japanese, are affected.

　According to the Changelog for Opera for Windows 8.53 (opera.com), specifically …

  • Chinese, simplified
  • Chinese, traditional
  • Czech
  • Danish
  • Dutch
  • Finnish
  • French
  • Hindi
  • Italian
  • Japanese
  • Norwegian, bokmal
  • Norwegian, nynorsk
  • Portuguese
  • Russian
  • Swedish

■ 2006.03.05


■ 2006.03.04


■ 2006.03.03

■ Various
(various)

■ Addendum


■ 2006.03.02

■ FreeBSD related
(FreeBSD Security Advisories, 2006.03.02)

  • FreeBSD-SA-06:09.openssh - Remote denial of service in OpenSSH

    Flaw in FreeBSD 5.x. There is a design conflict between OpenSSH and OpenPAM, and the server side can stop responding during authentication processing. CVE: CVE-2006-0883

    A patch is available; apply it, then reinstall and restart sshd. Alternatively, the issue can be avoided by setting UsePAM no or UsePrivilegeSeparation no in sshd_config.

  • FreeBSD-SA-06:10.nfs - Remote denial of service in NFS server

    There is a flaw in NFS server processing in FreeBSD 4.x / 5.x / 6.x, and a crafted RPC crashes the OS. If the NFS server is stopped, the impact of this flaw … CVE-2006-0900

    Patches are available for FreeBSD 4.10/4.11/5.3/5.4/6.0. Apply the patch, build and install the kernel, and reboot.

■ Addendum

Apple Safari Browser Automatically Executes Shell Scripts

　This appears to have been fixed in APPLE-SA-2006-03-01 Security Update 2006-001 (apple). It is presumably this entry listed there.

Safari, LaunchServices
CVE-ID: CVE-2006-0394
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact: Viewing a malicious web site may result in arbitrary code execution
Description: It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the "Open `safe' files after downloading" option is enabled in Safari's General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9).

■ 2006.03.01

■ hns-SA-2006-01: make-rurimap.cgi vulnerability that aids spam mail sending …
(Hyper …

■ Addendum

KB912945: Internet Explorer ActiveX update

　It looks like it has finally arrived:

　As KB912945 describes, installing this may bring misfortune, so be careful. Especially those on the 64-bit version, perhaps. It is probably wise to watch for a while how the adventurous souls on 2ch.net and the like fare.

　Related: IE update to address patent lawsuit released (ITmedia, 2006.03.01)

