セキュリティホール memo - 2006.09

Last modified: Fri Jul 20 11:55:20 2007 +0900 (JST)


　このページの情報を利用される前に、注意書きをお読みください。


■ 2006.09.30

■ 2006 年 9 月のセキュリティ情報 (Microsoft)
(Microsoft, 2006.09.13)

　そういえば、ここに書くのをすっかり忘れていたので、自分自身のために書いておきます。

　あと、セキュリティじゃないけどこんなのが:

2006.10.06 追記:

　MS06-053 関連:

　MS06-053 の回避策になぜか

Internet Explorer のページのエンコードの自動検出を無効にする

Internet Explorer $B$N%Z!<%8$N%(%s%3!<%I$N<+F08!=P$rL58z$K$9$k$H!"$3$N@H

なんて書かれている事、そして Microsoft Internet Information Services UTF-7 XSS Vulnerability (PTRS) によって明らかにされた本当の問題。 それはもちろん、IE の「機能」なのであった……。


■ 2006.09.29

■ 追記

■ SONY 製バッテリ方面
(various, 2006.09.29)

　前スレ:

$B!!(BIBM / Lenovo $B$,<+

$B!!$^$?!"K\F|(B SONY $B$+$iH/I=$5$l$?>pJs$K$h$k$H!"B>$N%Y%s%@!<$K$D$$$F$b!"<+

　今後なされるであろう、各ベンダーからの案内に注意しましょう。

2006.10.02 追記:

$B!!(BSONY $B$NH/I=$r

2006.10.03 $BDI5-(B:

$B!!(B$B!V(BHP$B$OBg>fIW!W!"%=%K!<$N%P%C%F%j! (ITmedia, 2006.10.03)

2006.10.11 追記:

　日立からも予告出てます:

$B!!$"$H!"El

$B!!>e5-%Z!<%8$G!VH=Dj%W%m%0%i%`!W$,G[I[$5$l$F$$$^$9$,!"!VBP1~5!

$B!!Eldynabook AX/8$B!"(Bdynabook CX/8$B!"(Bdynabook TX/8$B!"(Bdynabook VX/7$B!"(B Satellite CW1$B!"(BSatellite AW4$B!"(BSatellite AW5$B!"(BSatellite A100$B%7%j!<%:$N(B $B%P%C%F%j%Q%C%/$K4X$9$k=EMW$J$*CN$i$;!J$*OM$S$H$*4j$$!K(B ($BEl

2006.10.20 $BDI5-(B:

2006.10.27 $BDI5-(B:

$B!!(B$B%=%K!<@=EECS!"IY;NDL%Q%=%3%s$G$bH/2P(B (asahi.com, 2006.10.27)

2006.11.08 $BDI5-(B:

$B!!(BSONY $B$H%7%c!<%W$,8r49:n6H$r3+;O$7$^$7$?(B:

$B!!$"$H!"(BIEEE$B!"%N!<%H(BPC$BMQ%P%C%F%j!<5,3J$r2~Dj$X(B (ITmedia, 2006.11.08) $B$@$=$&$G$9!#(B

2006.11.13 $BDI5-(B:

$B!!(BEPSON $B$,8r49:n6H$r3+;O$7$^$7$?(B:

2007.01.31 $BDI5-(B:

$B!!(B$B%=%K!<3t<02q ($BIY;NDL(B, 2007.01.30)

$BEv/$J$$>u67$K$"$j$^$9(I!$B$=$N$?$a!"Ev=i$O?=$79~$_4|4V$r(B2007$BG/(B1$B7nKvF|$^$G$H$7$F$*$j$^$7$?$,!"(B2007$BG/(B7$B7nKvF|$^$G1dD9$7$^$9!#(B

2007.02.08 追記:

　ソニー製電池の富士通ノート、12月末に海外で発煙・発火事故 (日経 IT Pro, 2007.01.30)

2007.05.16 追記:

$B!!4XO"(B: $B%=%K!<@=EECSEk:\$NEl ($BF|7P(B IT Pro, 2007.05.10)$B!"(B$B%N!<%H#P#CMQ%=%K!<3t<02q ($BEl

$BEv]$N%P%C%F%j%Q%C%/$GH/2P;v8N$,H/@8$$$?$7$^$7$?!#(B

$B!!0J2<$K!"3F

　なお、HP はソニー製バッテリを使用しているものの、回収・交換する必要はないと発表しています。

■ [Full-disclosure] [SECURITY] OpenSSL 0.9.8d and 0.9.7l released
(OpenSSL.org, 2006.09.28)


■ 2006.09.28

■ いろいろ (2006.09.28)
(various)

$B"#(B JVNTA06-270A: Microsoft Internet Explorer $B$N(B ActiveX $B%3%s%H%m!<%k(B WebViewFolderIcon $B$K@H
(JVN, 2006.09.28)

$B!!(BWebViewFolderIcon ActiveX $B%3%s%H%m!<%k(B (webvw.dll) $B$K(B integer overflow $B$9$k7g4Y$,$"$j!"96N,(B web $B%Z!<%8$J$I$rDL$8$FG$0U$N%3!<%I$rCVE-2006-3730$B!#(BUS-CERT Metric: 51.03

　修正プログラムはまだ存在しない。CLSID {844F4806-E8A8-11d2-9652-00C04FC30871} および/または {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} に kill bit を設定したり、スクリプト ActiveX コントロールを無効にしたりすることで回避できる。 (CLSID 増えました)

　…… これですが、MoBB #18 の話なのだそうです。

2006.10.01 追記:

　関連:

2006.10.02 追記:

　MS Internet Explorer WebViewFolderIcon setSlice() (Multiple Exploits) (securiteam)

2006.10.11 追記:

$B!!(BWindows Explorer $B$N@H (Microsoft) $B$G=$@5$5$l$^$7$?!#(B

$B"#(B Firefox$B8~$G%9%F!<%?%9%P!<$N%j%s%/@h%"%I%l%956Au$7$D$D!"!V(BI'm feeling lucky$B8!:w!W$rH/F0$9$k%5%s%W%k(B
(nutsec, 2006.09.26)

$B!!(BFirefox $B$O$=$&$$$&;EMM$J$N$@$=$&$G$9!#(Bnutsec $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B $B:#;n$9$H!"!V%/%8%g$?$$$5$/J*8l(B $BBh(B 1 $BOC!W$KHt$V$h$&$G$9!#(B

$B!!!D!D(B$BMU$C$QF|5-(B $B$KBP1~J}K!$,5-:\$5$l$F$$$^$9!#(B

$B"#(B $B$^$?$b$d!V0lB@O:!W$N%;%-%e%j%F%#!&%[!<%k$rA@$&%<%m%G%$967b(B
($BF|7P(B IT Pro, 2006.09.28)

$B!!0lB@O:(B ($B%P!<%8%g%sITL@(B) $B$KL$CN$N7g4Y$,$"$j!"96N,0lB@O:%U%!%$%k$rMxMQ$7$?967b$,

　ご注意ください。

2006.09.29 追記:

$B!!(B$B0lB@O:$N@H ($B%8%c%9%H%7%9%F%`(B) $B$,2~D{$5$l$F$$$^$7$?!#(B

2006.10.04 $BDI5-(B:

$B!!(B$B0lB@O:$N@H ($B%8%c%9%H%7%9%F%`(B) $B$,2~D{$5$l$F$$$^$7$?!#0lB@O:(B for Linux $B$b7g4Y$NBP>]$H$J$k$=$&$G$9!#(B $B0lB@O:(B for Linux $B%;%-%e%j%F%#99?7%b%8%e!<%k(B ($B%8%c%9%H%7%9%F%`(B) $B$b8x3+$5$l$F$$$^$9!#(B

■ 追記

【重要】 Movable Type 新バージョンとパッチの提供について

$B!!4XO"(B: JVN#68295640: Movable Type $B$N8!:w5!G=$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H (JVN)

[SA22091] OpenSSH Identical Blocks Denial of Service Vulnerability

　OpenSSH 4.4 が登場しました。この欠陥が修正されています。iida さん情報ありがとうございます。

　http://www.openssh.org/txt/release-4.4 によると、この欠陥の他にも、以下の欠陥が修正されているそうです。

 * Fix an unsafe signal hander reported by Mark Dowd. The signal
   handler was vulnerable to a race condition that could be exploited
   to perform a pre-authentication denial of service. On portable
   OpenSSH, this vulnerability could theoretically lead to
   pre-authentication remote code execution if GSSAPI authentication
   is enabled, but the likelihood of successful exploitation appears
   remote.

 * On portable OpenSSH, fix a GSSAPI authentication abort that could
   be used to determine the validity of usernames on some platforms.

　OpenSSH 4.4リリース (slashdot.jp) も参照。

Another Day, Another 0-day (PowerPoint 0-day)

　アドバイザリ出ました:

　PowerPoint 2000 / 2002 (XP) / 2003 の他、PowerPoint 2004 for Mac、 PowerPoint v. X for Mac にも影響するそうです。PowerPoint Viewer 2003 には影響しないそうです。このため、PowerPoint Viewer 2003 で閲覧して回避する方法が紹介されています。


■ 2006.09.27

■ Another Day, Another 0-day (PowerPoint 0-day)
(McAfee Avert Labs Blog, 2006.09.26)

　PowerPoint 2000 / 2002 (XP) / 2003 に新たな 0-day 穴があるらしい……。

2006.09.28 追記:

　アドバイザリ出ました:

　PowerPoint 2000 / 2002 (XP) / 2003 の他、PowerPoint 2004 for Mac、 PowerPoint v. X for Mac にも影響するそうです。PowerPoint Viewer 2003 には影響しないそうです。このため、PowerPoint Viewer 2003 で閲覧して回避する方法が紹介されています。

2006.10.11 追記:

$B!!(BMicrosoft PowerPoint $B$N@H (Microsoft) $B$G=$@5$5$l$^$7$?!#(B

■ 追記

Microsoft Internet Explorer での Vector Markup Language 悪用に関するアラート

　修正プログラム出ました。ACL 設定によって回避している場合は、ACL を戻してから適用しましょう。

　あと、metasploit な攻略モジュールも:

$B!!$"$H!"(BISA $B$G

2006 $BG/(B 8 $B7n$N%;%-%e%j%F%#>pJs(B (Microsoft)

$B!!(BMS06-049 $B=$@5%W%m%0%i%`$N2~D{HG!"=P$^$7$?!#(B

$B!!$G$b!"2u$l$?%U%!%$%k$r=jM-$7$F$$$k>l9g$O!"E,MQA0$K!"(BFreeBSD $B$H$+$+$iFI$s$G%P%C%/%"%C%W$7$F$*$$$?J}$,$$$$$H;W$&$7!#(B

$B"#(B $BF|K\$N(BGoogle$B$K$b!"8!:w7k2L$K%U%#%k%?!<$,$+$+$C$F$$$k(B
($B$&$5$.J83XF|5-(B, 2006.09.26)

$B!!$X$'!D!D!#(BSafeSearch filtering (google) $B$+$i(B:

You can choose from among three SafeSearch settings:

  • Moderate filtering excludes most explicit images from Google Image Search results but doesn’t filter ordinary web search results. This is your default SafeSearch setting; you’ll receive moderate filtering unless you change it.

  • Strict filtering applies SafeSearch filtering to all your search results (i.e., both image search and ordinary web search).

And finally…

  • No Filtering, as you’ve probably figured out, turns off SafeSearch filtering completely.

$B!!%G%U%)%k%H$G$O(BGoogle Image Search $B$@$1$@$C$F(B?! $B8!:w8l6g$K$h$C$F$O!"(B Yahoo! $B$H0[>o$K0[$J$k8!:w7k2L$,=P$?$j$9$k$s$@$1$I$M$'!D!D!#(B

2006.11.16 $BDI5-(B:

$B!!1Q8l$J(B google $B$O(B http://www.google.com/webhp?hl=en $B$K%"%/%;%9$9$l$P$$$$$h$&$G$9!#(B $B$D!<$+!"(Bhttp://www.google.co.jp/preferences?hl=en $B$r8+$l$P$$$$$_$?$$!#(B


$B"#(B 2006.09.26

$B"#(B [SA22091] OpenSSH Identical Blocks Denial of Service Vulnerability
(secunia, 2006.09.26)

$B!!(BOpenSSH 3.x / 4.x $B$K7g4Y!#(BSSH $B%Q%1%C%H$K$*$1$kJ#?t$N(B identical block $B$N07$$$K7g4Y$,$"$j!"(BSSH $B%W%m%H%3%k%P!<%8%g%s(B 1 $B$,M-8z$J>l9g$K(B DoS $B967b$r

　開発版では修正されている。

2006.09.28 追記:

　OpenSSH 4.4/4.4p1 が登場しました。この欠陥が修正されています。iida さん、戸井さん情報ありがとうございます。

　http://www.openssh.org/txt/release-4.4 によると、この欠陥の他にも、以下の欠陥が修正されているそうです。

 * Fix an unsafe signal hander reported by Mark Dowd. The signal
   handler was vulnerable to a race condition that could be exploited
   to perform a pre-authentication denial of service. On portable
   OpenSSH, this vulnerability could theoretically lead to
   pre-authentication remote code execution if GSSAPI authentication
   is enabled, but the likelihood of successful exploitation appears
   remote.

 * On portable OpenSSH, fix a GSSAPI authentication abort that could
   be used to determine the validity of usernames on some platforms.

　OpenSSH 4.4リリース (slashdot.jp) も参照。

■ 追記

■ 【重要】 Movable Type 新バージョンとパッチの提供について
(sixapart, 2006.09.26)

　Movable Type 3.2 以降、および Movable Type Enterprise に欠陥。 管理画面、検索機能、コメント機能に XSS 欠陥があるそうで。 Movable Type 3.33 で修正されている他、 Movable Type 3.2-ja-2 用の patch が用意されている。

2006.09.28 追記:

$B!!4XO"(B: JVN#68295640: Movable Type $B$N8!:w5!G=$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H (JVN)

$B"#(B $B%U%#%C%7%s%0:>5=$K0-MQ2DG=$J(BIE6$B$K$*$1$k%?%$%H%k%P!<56Au$N7o(B($B=`Hw9F(B)
(hoshikuzu | star_dust $B$N=q:X(B, 2006.09.25)

$B!!(BIE6 $B$K$O!"%?%$%H%k%P!<$r56Au$G$-$k7g4Y$,$"$k$=$&$G$9!#(B $B>\:Y$OL$8x3+!"8=;~E@$G$OL$=$@5!#(B $B$^$?(B IE7 $B$K$O$3$N7g4Y$O$J$$$=$&$G$9!#(B

$B"#(B $B2ql$G%3%T%Z$7$F$k$s$@(B
(高木浩光＠自宅の日記, 2006.09.23)

　現場的にはテンプレの 1 つもないと仕事にならないのだろうけど、いやはや……。

　しかし個人的には、この部分の方がもっと気になる:

$B$3$N%&%'%V%5%$%H$N$4MxMQ$K:]$7!" ($BCfN,(B)
・ 営業活動または営利を目的とする行為、またはその準備を目的とする行為。

$B!!6HL3$N$?$a$K(B $BEl$B$N(B web $B%Z!<%8$K%"%/%;%9$9$k$N$O6X;_$5$l$F$$$k!"$H$$$&$3$H$J$N$@$m$&$+!#(B $BEl$B$K$O$=$&$$$C$?5-=R$O$J$$$h$&$@$,!D!D!#(B


$B"#(B 2006.09.25

$B"#(B $BDI5-(B

LA$B6u9A$G%i%C%W%H%C%WH/2P;v7oH/@8(B--$B1j>e$7$?$N$O!V(BThinkPad$B!W(B

$B!!4XO">pJs(B:

$B!!!V%=%K!<@=!W$H$O=q$$$F$"$k$1$I!V=c@5!W$H$O=q$+$l$F$$$J$$$J$"!#(B $BCf?H$,!V%=%K!<@=!W$N(B 3rd party $BIJ!"$H$$$&2DG=@-$O$"$k$s$@$m$&$+!#(B

$B!!$"$H!"$3$A$i"-$O(B 3rd party $B@=%P%C%F%j$G$NH/2P!#(B


$B"#(B 2006.09.24

$B"#(B $BDI5-(B

$B"#(B $B$$$m$$$m(B (2006.09.24)
(various)


$B"#(B 2006.09.23

$B"#(B $BDI5-(B

gzip 5 $BO"H/(B

$B!!4XO">pJs(B:

2006 $BG/(B 8 $B7n$N%;%-%e%j%F%#>pJs(B (Microsoft)

$B!!(BMS06-049 $BOC$@$,!"(B$B"#""(BNTFS$B$G$9$J!)$$$^$@$K(BFAT$B$G$9$+!)"""#(B (2ch.net) $B$,$9$4$$$3$H$K$J$C$F$$$k!#(B $B$J$s$H!"!V2u$l$?!W%U%!%$%k$rFI$_=P$9J}K!$,$_$D$+$C$?$=$&$J$N$@!#(B $B$5$i$K!"$=$l$r85$K$7$F%P%0$N860x$r2r@O$7$F$7$^$C$F$$$k!#(B hyou $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!$9$2$'!#$^$H$a$k$H!"0J2<$NJ}K!$G2u$l$?%U%!%$%k$r=$I|$G$-$k$i$7$$(B:

  • FreeBSD 6.1-RELEASE $B$G(B mount $B$7!"FI$_=P$9!#(B NetBSD 3.0.1 $B$G$bFI$_=P$;$?$H$N(B$BJs9p(B$B$,$"$k!#(B
  • ntfstools $B$K(B 599 (2ch.net) $B$H(B 611 (2ch.net) $B$N(B patch $B$r$"$F$F:n@.$7$?(B ntfscat $B$r;H$C$FFI$_=P$9!#(B

■ 2006.09.22

■ いろいろ (2006.09.22)
(various)

■ 追記

[SECURITY] OpenSSL 0.9.8c and 0.9.7k released

　Opera 9.0.2 出ました。この欠陥が修正されているそうです。

■ About the security content of AirPort Update 2006-001 and Security Update 2006-005
(Apple, 2006.09.22)

$B!!(BMac OS X $B$N(B AirPort $BL5@~(B LAN $B%I%i%$%P$K(B 3 $B$D$N7g4Y!#$$$:$l$b!"967b

  • CVE-2006-3507。AirPort 無線 LAN ドライバで stack overflow。PowerPC ベースの Mac のみ。
  • CVE-2006-3508。AirPort 無線 LAN ドライバで heap overflow。Intel ベースの Mac OS X 10.4.x のみ。
  • CVE-2006-3509。 3rd party 向けの AirPort 無線 LAN ドライバ API に integer overflow。 影響の詳細は 3rd party アプリに依存する。 Intel ベースの Mac OS X 10.4.x のみ。

　例の「無線 LAN ドライバの欠陥」話と思われ。

$B"#(B Yahoo$BK\
(engadget.com, 2006.09.20)

$B!!1j>e$G$O$J$/$FGzH/(B (explode) $B$G$9$+!D!D!#(B


$B"#(B 2006.09.21

$B"#(B LA$B6u9A$G%i%C%W%H%C%WH/2P;v7oH/@8(B--$B1j>e$7$?$N$O!V(BThinkPad$B!W(B
(CNET, 2006.09.21)

$B!!(BNote PC $B1j>e$M$?!"$J$+$J$+<}$^$j$^$;$s$M!D!D!#(B BGM $B$O$d$C$Q$j!VfF$Y!*%,%s%@%`!W(B($B:n;l(B: $B0f2.(B $BN[(B) $B$G$9$+$M!#(B

$B$b!"$(!"$"!"$,!"$l!A(B
$B$b$($"$,$l!A(B
$BG3$(>e$,$l!A%,%s%@%`!A(B

2006.09.25 $BDI5-(B:

$B!!4XO">pJs(B:

$B!!!V%=%K!<@=!W$H$O=q$$$F$"$k$1$I!V=c@5!W$H$O=q$+$l$F$$$J$$$J$"!#(B $BCf?H$,!V%=%K!<@=!W$N(B 3rd party $BIJ!"$H$$$&2DG=@-$O$"$k$s$@$m$&$+!#(B

$B!!$"$H!"$3$A$i"-$O(B 3rd party $B@=%P%C%F%j$G$NH/2P!#(B

2006.09.26 $BDI5-(B:

$B!!(BLenovo$B!"%N!<%H(BPC$B$NH/2PLdBj$rD4::(B -- $B%j%3!<%k$OIT2DHr$H$N@<$b(B (ITmedia, 2006.09.25)

$B"#(B $B$$$m$$$m(B (2006.09.21)
(various)

$B"#(B $BDI5-(B

[SECURITY] OpenSSL 0.9.8c and 0.9.7k released

$B!!(BGnuTLS $B$K$bF1MM$N7g4Y$,$"$C$?$=$&$G!"(B1.4.3 $B0J9_$G=$@5$5$l$F$$$k(B ($B:G?7$O(B 1.4.4)

$B!!$^$?!"(BOpera 9 $B$K$O(B OpenSSL 0.9.8 $B$,4^$^$l$F$$$k$?$a!"$3$N7g4Y$N1F6A$r


■ 2006.09.20

$B"#(B PowerPoint$B$K4m81EY9b$N@H
(ITmedia, 2006.09.20)

　本当に新規の話なのかどうか、いまいち不明な模様。nodoame さん情報ありがとうございます。

　……Microsoft PowerPoint Vulnerability FAQ - September 2006, CVE-2006-4854 (securiteam) が更新されていました。

UPDATE #2: MS has informed that this vulnerability was addressed in Routing Slip issue www.microsoft.com/technet/security/Bulletin/MS06-012.mspx, i.e. this issue is not a 0-day issue. Related CVE document is CVE-2006-0009.

というわけで、新規の話ではないそうです。

$B"#(B Adobe Reader$B$J$I$K@H
(ITmedia, 2006.09.20)

$B!!(BAcrobat Reader / Adobe Reader $B$K

　Acrobat Reader / Adobe Reader の設定で JavaScript を無効にすると、とりあえず「無警告で」という部分はなんとかなるのかな。example 1 を閲覧すると、こんな警告が出る (Adobe Reader 7.0.8 on Windows)

■ 追記

2006 年 8 月のセキュリティ情報 (Microsoft)

　MS06-049 patch の hotfix が、一般にダウンロードできるようになっています。 フロートさん情報ありがとうございます。

　加えて、923996 - カスタムポップアップオブジェクトを使用する Web ページにアクセスすると、Internet Explorer 6 が突然終了する (Microsoft) の hotfix も一般にダウンロードできるようになっています。 フロートさん情報ありがとうございます。

■ gzip 5 連発
(JVN, 2006.09.20)

$B!!(Bgzip $B$K7j$,(B 5 $B$D$"$k$=$&$G$9!#G$0U$N%3!<%I$N

　official fix はまだありませんが、複数のベンダから patch が出ています。

2006.09.24 追記:

　関連情報:

2006.10.27 追記:

　関連情報:

2006.11.29 追記:

$B!!(B[ GLSA 200611-24 ] LHa: Multiple vulnerabilities

$B"#(B $BEl
(独りの超電波プログラマ, 2006.09.19)

$B!!$?$7$+$K%d%P$$$G$9$M!#(BPOST $B$b(B ok $B$@$=$&$G!#ElpJs$"$j$,$H$&$4$6$$$^$9!#(B

■ Microsoft Internet Explorer での Vector Markup Language 悪用に関するアラート
(ISSKK, 2006.09.20)

$B!!(BIE 6 $B0JA0$K?7$?$J7g4Y!#(BVector Markup Language (VML) $B$r=hM}$9$k(B %ProgramFiles%\CommonFiles\Microsoft Shared\VGX\vgx.dll $B$K(B stack overflow $B$9$k7g4Y$,$"$j!"(B $B96N,(B web $B%Z!<%8$r;H$C$FG$0U$N%3!<%I$rCVE-2006-3866

　修正プログラムはまだ公開されていないが、開発は既に終了しており、現在テスト中。 2006 年 10 月の Windows Update の日 (2006.10.11)、もしくはそれ以前に公開される予定。しかし、既に悪用事例が複数あるそうなのですが……。

　IE7 でどうなのかは不明。

　複数の回避方法がある。

  • vgx.dll を登録解除する。 コマンド:
    regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

  • IE の設定で、Binary and Script Behaviors (バイナリビヘイビアとスクリプトビヘイビア) を Disable (無効) に設定する。

  • vgx.dll に ACL を設定してアクセスを拒否する。

　関連情報:

2006.09.24 追記:

　関連情報:

2006.09.27 追記:

　修正プログラム出ました。ACL 設定によって回避している場合は、ACL を戻してから適用しましょう。

　あと、metasploit な攻略モジュールも:

$B!!$"$H!"(BISA $B$G


■ 2006.09.19

■ 追記

Microsoft Internet Explorer での Direct Animation Path Control に関するアラート

　IE7 にはこの欠陥はないそうです。

　SANS ISC から、kill bit 設定用のアプリが公開されています。

2006 年 8 月のセキュリティ情報 (Microsoft)

$B!!(BMS06-049 $BOC!"(B$B%5%]!<%H(B$B$+$i(B Hotfix $B$rF~

　925308 には

Therefore, if you are not severely affected by this problem, we recommend that you wait for the next version of security update 920958 that contains this hotfix.

とありますので、もうしばらくすると 920958 の新版も登場するはずです。 関連: Known Issue Documented for MS06-049 (MSRC blog, 2006.9.15)


■ 2006.09.15

$B"#(B DRM$B%/%i%C%/$r
(ITmedia, 2006.09.15)

　FairUse4WM というプログラムがあるのだそうです。最新版は 1.2 fix というもののようです。

　デジタルミレニアム著作権法方面はだいじょうぶなんだろうか。

Microsoft$B$O(B8$B7n(B28$BF|$K:G=i$N%U%#%C%/%9$r%j%j!<%9$7$?!#$3$N%O%C%+!<$O$9$0$KJL$N%P!<%8%g%s$N%W%m%0%i%`$r%j%j!<%9$7!"$3$l$r%$%s%?!<%M%C%H$N7G<(HD$G!"9XF~$7$?%G%8%?%k%a%G%#%"%U%!%$%k$N!V8x@5;HMQ!W$r2DG=$K$9$kJ}K!$@$H@kEA$7$?!#(B ($BCfN,(B) Windows$B$J$I$rC4Ev$9$kItLg$N>e5i%W%m%@%/%H%^%M%8%c!

　確信犯な方のようですね……。

　関連: Microsoft and FairUse4WM (schneier.com, 2006.09.07)

■ Microsoft Internet Explorer での Direct Animation Path Control に関するアラート
(ISSKK, 2006.09.15)

$B!!(BIE 6 $B0JA0$K?7$?$J7g4Y!#(BDirect Animation ActiveX $B%3%s%H%m!<%k(B daxctle.ocx $B$K(B heap overflow $B$9$k7g4Y$,$"$j!"96N,(B web $B%Z!<%8$r1\Mw$9$k$HG$0U$N%3!<%I$rCVE-2006-4777$B!#4{$K(B$B96N,%3!<%I$,8x3+(B$B$5$l$F$$$k!#(B DirectAnimation.PathControl $B$G$9$+!#(B

$B!!=$@5%W%m%0%i%`$O$^$@B8:_$7$J$$!#(Bdaxctle.ocx $B$K(B kill bit $B$r@_Dj$9$k$3$H$G2sHr$G$-$k$O$:$@$1$I!"(Bdaxctle.ocx $B$rI,MW$H$9$k%5%$%H$O$b$A$m$sF0$+$J$/$J$k!#(B

$B!!(BCLSID $B$O(B {D7A7D7C3-D47F-11D0-89D3-00A0C90833E6} $B$G$$$$$N$+$J!#(B

$B!!!D!D%;%-%e%j%F%#(B $B%"%I%P%$%6%j=P$^$7$?(B:

$B!!2sHrJ}K!$H$7$F$O!"(Bkill bit $B$N@_Dj$NB>!"(B%windir%\system32\Daxctle.ocx $B$K(B everyone:$B5qH](B $B$J(B ACL $B$r$D$1$k!"%"%/%F%#%V%9%/%j%W%H$rL58z$K$9$k!"$J$I$,>R2p$5$l$F$$$k!#(B

2006.09.19 $BDI5-(B:

$B!!(BIE7 $B$K$O$3$N7g4Y$O$J$$$=$&$G$9!#(B

$B!!(BSANS ISC $B$+$i!"(Bkill bit $B@_DjMQ$N%"%W%j$,8x3+$5$l$F$$$^$9!#(B

2006.11.15 $BDI5-(B:

$B!!(BInternet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (922760) (MS06-067) $B$G=$@5$5$l$^$7$?!#(B

$B"#(B Firefox $BMQDjHV(BRSS$B%j!<%@(B Sage $B$K$*$1$k(B RSS Script Injection
($BMU$C$QF|5-(B, 2006.09.15)

$B!!FI$a$F$J$$$N$G!"$H$j$"$($:CV$$$F$*$-$^$9!#(B

$B!!4XO"(B: Sage $B$KL$%Q%C%A$N(B XSS $B@H (Taken SPC, 2006.09.12)$B!#$*$*$d$^$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2006.09.26 $BDI5-(B:

$B!!FH<+$K=$@5$7$?J}$,$$$i$C$7$c$k$h$&$G$9(B: $B2~B$HG(BSage 1.3.6($B%9%/%j%W%H%$%s%8%'%/%7%g%sBP:vHG(B)$B$,$G$-$?$C$]$$(B ($B$R$0$^$N$R$^%0(B, 2006.09.26)

2006.10.04 $BDI5-(B:

$B!!(BSage 1.3.7 $B$G%*%U%#%7%c%k$K=$@5$5$l$?$h$&$G$9!#(B$B%j%j!<%9%N!<%H(B$B!#(B Bugzilla Bug 15101: sage fails many of the tests in the feed reader XSS test suite $B$b;2>H!#AaED$5$s!"$*$*$d$^$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2006.10.13 $BDI5-(B:

$B!!(BSage 1.4$B$K$b%9%/%j%W%H%$%s%8%'%/%7%g%s@H ($B$R$0$^$N$R$^%0(B, 2006.10.11) $B$@$=$&$G$9!#(B Firefox/Sage++ (Higmmer's Edition) $B$G$OD>$C$F$$$k$=$&$G$9!#(B

2006.11.25 追記:

　Sage 1.3.9 で修正されたそうです。おおやまさん情報ありがとうございます。 これに対応した、Sage++ 1.3.9 も出ています。

　関連かな: Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING

2007.01.16 追記:

$B!!(BCVE-2006-6919

$B"#(B Mozilla $B@=IJ$K$*$1$k4{CN$N@H
(mozilla.org, 2006.09.15)

$B!!(BFirefox 1.5.0.7 $BEP>l!#(B7 $BpJs$"$j$,$H$&$4$6$$$^$9!#(B

　あわせて、Thunderbird 1.5.0.7、SeaMonkey 1.0.5 も出ている。


■ 2006.09.14


■ 2006.09.13

■ 追記

2006 年 8 月のセキュリティ情報 (Microsoft)

　MS06-049 副作用話、ようやく official 情報が出ました。いまのところは、情報告知だけです。

　まとめページも更新しておきました。

　MS06-042 patch が再び改訂されました。

  • Internet Explorer 用の累積的なセキュリティ更新プログラム (918899) (MS06-042)

    2006 $BG/(B 9 $B7n(B 13 $BF|!"!VD9$$(B URL $B$N%P%C%U%!(B $B%*!<%P!<%U%m!CVE-2006-3873 $B$G@bL@$5$l$F$$$k@HpJs$*$h$S(B Internet Explorer 6 Service Pack 1$B!"(BInternet Explorer 5.01 Service Pack 4 $B$*$h$S(B Windows Server 2003 $BMQ(B $B$N(B Internet Explorer 6 $B$N%;%-%e%j%F%#99?7%W%m%0%i%`$r99?7$7$^$7$?!#(BInternet Explorer $B$N$3$l$i$N%P!<%8%g%s$r$4;HMQ$N$*5RMM$O!"?7$7$$99?7%W%m%0%i%`$rD>$A$KE,MQ$7$F$/$@$5$$!#(B

    CVE-2006-3873 より引用:

    Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression, due to an incomplete fix for CVE-2006-3869.

    CVE-2006-3869 の修正が不完全だったのですね。 関連: [EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2

　MS06-040 patch が改訂されました。

■ About the security content of QuickTime 7.1.3
(Apple, 2006.09.13)

$B!!(BQuickTime 7.1.3 $BEP>l!#(B7.1.2 $B0JA0$KB8:_$9$k!"(B7 $B

$B!!(BQuickTime 7.1.3 $B$O0J2<$+$iF~

2007.05.16 追記:

　いつのまにか、 About the security content of QuickTime 7.1.3 の英語版にだけ CVE-2007-0754 が追加されている。 TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability の件。

■ APSB06-11: Multiple Vulnerabilities in Adobe Flash Player 8.0.24.0 and Earlier Versions
(adobe, 2006.09.13)

$B!!(BFlash Player 8.0.24.0 $B0JA0$K!"?7$?$K(B 5 $B$D$N7g4Y!#(B $BG$0U$N%3!<%I$,CVE-2006-3311, CVE-2006-3587, CVE-2006-3588) $B$NB>!"(B allowScriptAccess $B$K4X$9$k7g4Y(B (CVE-2006-4640)$B!"(B ActiveX $B%3%s%H%m!<%k$N5sF0$K4X$9$k7g4Y(B (CVE-2006-3014)$B!#(B

　Flash Player 8.0.33.0, 7.0.68.0, 7.0.66.0 で修正されている。 また Flash Player 9.0.16.0 にはこの欠陥はない。

$B!!4XO"(B: $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (925143) Adobe $B%;%-%e%j%F%#B.Js(B: APSB06-11: Flash Player $B$N@H (Microsoft)

2006.11.16 $BDI5-(B:

$B!!(BWindows XP SP2 $B$K4^$^$l$k(B Flash Player $BMQ$N99?7%W%m%0%i%`$,(B Microsoft $B$+$i8x3+$5$l$^$7$?(B: Adobe $B$N(B Macromedia Flash Player $B$N@H

■ ColdFusion 方面 3 連発
(adobe, 2006.09.13)

2006.10.11 追記:

　日本語版が出てました。


■ 2006.09.12

■ 追記

2006 年 8 月のセキュリティ情報 (Microsoft)

　MS06-051 patch (917422) についても、複数の不具合事例があるようだ。

　あと、MS06-049 話については こちらにまとめておいた。


■ 2006.09.11

■ いろいろ (2006.09.11)
(various)


■ 2006.09.10


■ 2006.09.08

■ [SECURITY] OpenSSL 0.9.8c and 0.9.7k released
(openssl.org, 2006.09.05)

　OpenSSL 0.9.8b 以前 / 0.9.7j 以前に対して、 PKCS #1 v1.5 署名に対する攻撃、 RSA Signature Forgery (CVE-2006-4339) が可能。 なお、攻撃の対象となるのは exponent 3 のついた RSA 鍵を使用する場合。

　OpenSSL 0.9.8c / 0.9.7k で修正されている。 また、OpenSSL 0.9.6 〜 0.9.9 系列に適用できる patch が公開されている。

　関連: OpenSSL Security Advisory [5th September 2006] (その1) (おおいわのこめんと, 2006.09.05)

2006.09.21 追記:

　GnuTLS にも同様の欠陥があったそうで、1.4.3 以降で修正されている (最新は 1.4.4)

$B!!$^$?!"(BOpera 9 $B$K$O(B OpenSSL 0.9.8 $B$,4^$^$l$F$$$k$?$a!"$3$N7g4Y$N1F6A$r

2006.09.22 追記:

　Opera 9.0.2 出ました。この欠陥が修正されているそうです。

■ いろいろ (2006.09.08)
(various)

■ 追記


■ 2006.09.07

■ 追記

$B"#(B SECJ$B!"(BPSP$B$N%;%-%e%j%F%#@H
(Internet Watch, 2006.09.07)


■ 2006.09.06

■ [SA21752] ISC BIND Denial of Service Vulnerabilities
(Secunia, 2006.09.06)

　bind 9.3.x / 9.4.x に 2 つの欠陥。

$B!!(Bbind 9.3.2-P1 / 9.3.3rc2, 9.4.0b2 $B$G=$@5$5$l$F$$$k!#$^$?!"(B bind 9.2.x $B$O$3$N7g4Y$N0-1F6A$O

$B!!(Bbind 9.3.2 $B$H(B bind 9.3.2-P1 $B$N(B diff $B$rbind-9.3.2-9.3.2-P1.diff

■ 追記


■ 2006.09.05

■ 追記

■ [SA21732] Mailman Multiple Vulnerabilities
(secunia, 2006.09.04)

$B!!(BMailman 2.x $B$K7g4Y!#%K%;$N%m%0$rA^F~$G$-$k!"%X%C%@$N=hM}$G(B DoS $B$,H/@8!"%a!<%k>e$N(B JavaScript $B%3!<%I$,CVE-2006-2941$B!#(BCVSS Severity: 7.0 (High)

　Mailman 2.1.9rc1 で修正されている。


■ 2006.09.04

■ 追記

ウイルスバスター2006のフィッシング詐欺対策ツールバーはスパイウェアか？

　ウイルスバスター2007 ファースト・インプレッション (MYCOM ジャーナル, 2006.09.02)。ウイルスバスター2007 では、きちんと説明されるようになっているようです。

いろいろ (2006.08.16)

　PHP 5.1.5 ねた CVE: CVE-2006-4481 CVE-2006-4482 CVE-2006-4483 CVE-2006-4484 CVE-2006-4485

$B%5%$%\%&%:@=IJ$N@H

　サイボウズの Advisory が改訂されています。公式に 3 つになりました。

　でも、サイボウズ Office 6.6(1.3) における改修内容 (サイボウズ, 2006.08.25) での扱いは、あいかわらず「不具合」のままです。

「Your computer is infected!」の警告を出すインチキアプリの削除法

$B!!(BsmitRem $B$K$O!"$BIT?3$J%"%s%A%9%Q%$%&%'%"%=%U%H$H!"(BZlob$B$H(BCodec$B$N4X78(B (Semplice, 4/8) $B$NKvHx$N(B Appendix $B$r;2>H!#(B Luca $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B ($B>R2p$,CY$/$F$9$$$^$;$s(B)$B!#(B

　オリジナルサイトを見てみると、smitRem はバージョン 3.1 になってますね。

■ New tricks with old software - New Zero-Day in MS Office 2000
(Symantec, 2006.09.03)

　Microsoft Office 2000 (Word 2000) に 0-day 穴があるらしいです。

2006.09.05 追記:

　[SA21735] Microsoft Word 2000 Unspecified Code Execution Vulnerability

2006.09.07 追記:

$B!!%"%I%P%$%6%j=P$^$7$?(B: $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (925059) Microsoft Word $B$N@H (Microsoft)$B!#2sHr:v$H$7$F!"(BWord Viewer 2003 $B$NMxMQ$,5s$2$i$l$F$$$k!#(B

　NVD: CVE-2006-4534

2006.10.11 追記:

$B!!(BMicrosoft Word $B$N@H (Microsoft) $B$G=$@5$5$l$^$7$?!#(B

■ [openmya:035806] IE における "expression" の過剰検出による XSS の誘因
(openmya ML, 2006.08.31)

　IE 6 / 7 において、スタイルシート内で JavaScript を動作させるために記述する、expression という文字列にはさまざまな書き方があるという話。 web アプリ屋さんはたいへんです。

　[openmya:035822] 以下のスレッドで、フィルタリング方法について考察されています。

2006.12.05 追記:

　関連: SquirrelMail: Cross site scripting in compose, draft & HTML mail viewing


■ 2006.09.01

■ パナソニック、Let'snote W4Gのバッテリを無償交換 〜ラッチ部分が破損、発火はなし
(PC Watch, 2006.09.01)

　Let's note CF-W4G において「落下などで強い衝撃が加わった場合」に「バッテリーパックのラッチ部分が破損する可能性」があり、このために「バッテリーパックに発熱・変形が生じる場合」があるそうです。Let's note CF-W4G ユーザは確認しましょう。

　なお、この件は SONY とは関係ないそうです。

