Security Hole memo - 2007.01

Last modified: Fri Dec 26 13:20:25 2008 +0900 (JST)


Before using the information on this page, please read the notes.


■ 2007.01.31

  • Schindler [...] (iza!, 2006.12.15)
  • Schindler accident: "coil short circuit was the cause" ... management company [...] (Yomiuri, 2006.12.27)
  • Schindler elevator high-school student crushing-death incident (Tsurumaki Knowledge Network)
    ■ Updates

    Sony battery matters

    Sony Corporation [...] (Fujitsu, 2007.01.30)

    [...] remain few at present. For that reason, although the application period was originally to run until the last day of January 2007, it is extended until the last day of July 2007.
    Adobe Acrobat Reader Plugin - Multiple Vulnerabilities

    Japanese versions of APSB07-01 and APSA07-0[12] have come out.

    The "Sony rootkit" case

    SONY BMG to settle with the FTC over the rootkit issue (ITmedia, 2007.01.31). Apparently they are settling with the FTC.

    ■ Miscellaneous (2007.01.31)
    (various)


    ■ 2007.01.30

    ■ Updates

    Miscellaneous (2007.01.17)

    Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit

    Fresh Reader vulnerability [...]

    sage 1.3.10 appears to have been released.

    Along with this, Sage++ (Higmmer's Edition) 1.3.10 has also appeared.

    In addition, "[Important] Regarding the Sage++ (Higmmer's Edition) vulnerability information: an apology and [...]" has been expanded.

    (Added 1/30) Of the Fail items above, I have confirmed that "Non-Alpha-Non-Digit" and "Evade_Regex_Filter2" were fixed in the official Sage 1.3.10. However, the remaining "Double_open_angle_brackets" still appears to be unfixed. See this entry for details. Note that in my own Sage++ 1.3.10 the fast HTML filter is disabled, and the above vulnerability [...]

    So it seems problems still remain in Sage 1.3.10. Users [...]

    Thanks to Souda-san and Takahashi-san for the information.

    ■ Miscellaneous (2007.01.30)
    (various)


    ■ 2007.01.29

    ■ Miscellaneous (2007.01.29)
    (various)

    ■ Updates

    JVN#32985115: Cross-site scripting vulnerability in Movable Type

    Movable Type <= 3.33 XSS Exploit


    ■ 2007.01.28

    ■ Miscellaneous (2007.01.28)
    (various)

    2007.02.03 update:

    On BrightStor ARCserve Backup:


    ■ 2007.01.27

    ■ Updates

    Fresh Reader vulnerability [...]

    "[Important] Regarding the Sage++ (Higmmer's Edition) vulnerability information: an apology and [...]" (Higuma no Himagu, 2007.01.25).

    From the above, the Firefox extensions "Sage 1.3.x", "Sage 1.4" and "Sage++ (Higmmer's Edition)" are precisely among the "very dangerous" extensions, and I have to say that at present they are not software that can be recommended for casual use by ordinary users. Before using them, please weigh the merits and demerits carefully and decide, on your own "personal responsibility" (a phrase I do not really like), whether to continue or stop using them.

    Related: "[Important] Regarding the Sage++ (Higmmer's Edition) vulnerability information: an apology and [...]" (Happa Nikki, 2007.01.26)

    Sage 1.4 vulnerability [...]

    I can't imagine that someone who discloses things as a 0-day would do that sort of thing, though.

    Cisco vulnerabilities

    Added related information.

    ■ Miscellaneous (2007.01.27)
    (various)

    ■ Microsoft Security Advisory (932114): Vulnerability in Microsoft Word 2000 [...]
    (Microsoft, 2007.01.27)

    0-day flaw in Word 2000. A flaw causes a buffer overflow when Word documents are processed, and a crafted Word document can be used to execute arbitrary code [...] CVE-2007-0515

    Related:

    2007.02.08 update:

    Microsoft Word 2000 Unspecified Code Execution Vulnerability Exploit (0-day) (milw0rm)


    ■ 2007.01.26


    ■ 2007.01.25

    ■ Updates

    Apple QuickTime RTSP URL Handler Vulnerability

    On Windows, applying Security Update 2007-001 with Apple Software Update seems to update the following.

    • C:\Program Files\QuickTime\QuickTimePlayer.exe
    • C:\Program Files\QuickTime\QTSystem\QuickTime.qts
    • C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx

    The digital signature of the updated QuickTimePlayer.exe looks like this:

    • MD5: 3C4BB567B36ED1F671FAF6DC41472D77
    • SHA1: C8F7D0071599EAAD45A01A69802B79E6C76201F9

    The QuickTimePlayer version itself was still 7.1.3.90.

    ■ Fresh Reader vulnerability [...]
    (Higuma no Himagu, 2007.01.18)

    Life takes many forms, and developers [...]

    According to word from JPCERT/CC, this vulnerability [...]

    Those using the original Sage 1.3.9 should take care as well.

    2007.01.27 update:

    "[Important] Regarding the Sage++ (Higmmer's Edition) vulnerability information: an apology and [...]" (Higuma no Himagu, 2007.01.25).

    From the above, the Firefox extensions "Sage 1.3.x", "Sage 1.4" and "Sage++ (Higmmer's Edition)" are precisely among the "very dangerous" extensions, and I have to say that at present they are not software that can be recommended for casual use by ordinary users. Before using them, please weigh the merits and demerits carefully and decide, on your own "personal responsibility" (a phrase I do not really like), whether to continue or stop using them.

    Related: "[Important] Regarding the Sage++ (Higmmer's Edition) vulnerability information: an apology and [...]" (Happa Nikki, 2007.01.26)

    Sage 1.4 vulnerability [...]

    I can't imagine that someone who discloses things as a 0-day would do that sort of thing, though.

    2007.01.30 update:

    sage 1.3.10 appears to have been released.

    Along with this, Sage++ (Higmmer's Edition) 1.3.10 has also appeared.

    In addition, "[Important] Regarding the Sage++ (Higmmer's Edition) vulnerability information: an apology and [...]" has been expanded.

    (Added 1/30) Of the Fail items above, I have confirmed that "Non-Alpha-Non-Digit" and "Evade_Regex_Filter2" were fixed in the official Sage 1.3.10. However, the remaining "Double_open_angle_brackets" still appears to be unfixed. See this entry for details. Note that in my own Sage++ 1.3.10 the fast HTML filter is disabled, and the above vulnerability [...]

    So it seems problems still remain in Sage 1.3.10. Users [...]

    Thanks to Souda-san and Takahashi-san for the information.

    2007.02.09 update:

    Related:

    JVN says

    As of 2007/02/09, publication of and updates to Sage++ have been discontinued. Sage++ users are advised to use the latest version of Sage

    but according to "[Important] Sage++ (Higmmer's Edition) 1.3.10a final release" (Higuma no Himagu) and others, (multiple?) flaws appear to remain in Sage 1.3.10. Take care.

    ■ Cisco vulnerabilities
    (SANS ISC, 2007.01.24)

    Multiple flaws in Cisco IOS.

    Updating to an IOS release that addresses the flaws is sufficient.

    2007.01.27 update:

    Added related information.

    ■ bind 9.2.8 / 9.3.4 / 9.4.0rc2 released
    (ISC, 2007.01.25)

    bind 9.2.8 / 9.3.4 / 9.4.0rc2 are out. Two security flaws have been fixed.


    ■ 2007.01.24

    ■ JVN#32985115: Cross-site scripting vulnerability in Movable Type
    (JVN, 2007.01.23)

    Reportedly Movable Type 3.3 through 3.33 has an XSS flaw. Is this a separate matter from the Movable Type Security Bug (the NoFollow plugin issue)? It is said to be fixed in Movable Type 3.34. The items explained for 3.34 that are separate from the Movable Type Security Bug are the following.

    Script execution via invalid HTML tags [...] Certain [...]
    Script execution using the MTCommentPreviewIsStatic template tag feature [...] A defect existed that made cross-site scripting possible through improper use of the MTCommentPreviewIsStatic feature. This defect has been fixed.

    2007.01.29 update:

    Movable Type <= 3.33 XSS Exploit

    ■ Updates

    Miscellaneous (2007.01.16)

    Movable Type 3.34 Japanese edition now being offered (sixapart.jp). The Movable Type Security Bug issue has been fixed.

    Apple QuickTime RTSP URL Handler Vulnerability

    A patch is out: About Security Update 2007-001 (Apple). It seems the version shown by QuickTime does not change even after it is applied.

    ■ Encryption of the P2P software Share analyzed, network visualization system developed
    (Nikkei IT Pro, 2007.01.23)

    Ukai-san has done it again! Following Winny, this time it is Share.


    ■ 2007.01.23


    ■ 2007.01.22

    ■ Miscellaneous (2007.01.22)
    (various)

    ■ Updates

    [SA23767] Squid Denial of Service Vulnerabilities

    Regarding Bug 1857: Core dump on visiting GNU FTP server: on closer inspection it was in fact dying, so I changed the description. orz


    ■ 2007.01.21


    ■ 2007.01.20


    ■ 2007.01.19

    ■ Updates

    Microsoft Excel vulnerability [...]

    A new patch for Excel 2000 is out: Re-release of MS07-002 (Japan Security Team Blog, 2007.01.19). [...]


    ■ 2007.01.18

    ■ Miscellaneous (2007.01.18)
    (various)

    ■ [SA23767] Squid Denial of Service Vulnerabilities
    (Secunia, 2007.01.16)

    Of the items fixed in Squid 2.6.STABLE7, Bug 1857: Core dump on visiting GNU FTP server and Bug 1848: external_acl crashes with an infinite loop under high load appear to be security-related.

    2007.01.22 update:

    Regarding Bug 1857: Core dump on visiting GNU FTP server: on closer inspection it was in fact dying, so I changed the description. orz

    ■ Updates

    ■ BEA: Security Advisories and Notifications
    (BEA, 2007.01.16)

    A total of 28 (24 of them new) have been issued, dated 2007.01.16. Users of BEA products [...] thank you for the information. Related:


    ■ 2007.01.17

    ■ Miscellaneous (2007.01.17)
    (various)

    ■ Oracle Critical Patch Update - January 2007
    (Oracle, 2007.01.16)

    The regular Oracle patches are out. Related:

    2007.02.03 update:

    Related:

    ■ Updates

    Miscellaneous (2007.01.16)

    Disabling the nofollow plugin in MT is dangerous (Minazuki Bakera no Ebi Nikki, 2007.01.17). This is about the Movable Type Security Bug. Reportedly there is no problem as long as the nofollow plugin, which is enabled by default, remains enabled.

    Miscellaneous (2007.01.11)

    Vulnerability in Acer's LunchApp.APlunch ActiveX control (SANS ISC). Regarding the Acer issue, a patch is reportedly out.


    ■ 2007.01.16

    ■ the Month of Apple Bugs #6-#15
    (MoAB)

    The target is basically Mac OS X 10.4.

    ■ Miscellaneous (2007.01.16)
    (various)

    2007.01.17 update:

    Disabling the nofollow plugin in MT is dangerous (Minazuki Bakera no Ebi Nikki, 2007.01.17). This is about the Movable Type Security Bug. Reportedly there is no problem as long as the nofollow plugin, which is enabled by default, remains enabled.

    2007.01.24 update:

    Movable Type 3.34 Japanese edition now being offered (sixapart.jp). The Movable Type Security Bug issue has been fixed.

    2007.08.02 update:

    FreeBSD-SA-07:01.jail - Jail rc.d script privilege escalation [REVISED]. The patch for FreeBSD 5.5 has been corrected.


    ■ 2007.01.15


    ■ 2007.01.14


    ■ 2007.01.13


    ■ 2007.01.12

    ■ Important Security Notice for BrightStor ARCserve Backup
    (CA, updated 2007.01.11)

    Flaws in the Windows versions of CA BrightStor ARCserve / Enterprise Backup 9.x through 11.5 and CA Protection Suites r2. The BrightStor ARCserve Backup Tape Engine service, the Mediasvr service and the ASCORE.dll file are flawed, allowing SYSTEM privileges to be obtained remotely [...]

    Patches for BrightStor ARCserve / Enterprise Backup 9.x through 11.5 are available.

    ■ Updates

    Microsoft Security Bulletin Advance Notification: 2007.01

    Detection and deployment guidance for the January 9, 2007 security release (Microsoft)

    Microsoft Excel vulnerability [...]

    A KB article is out: "Excel 2000 cannot open some files after installing security update 925524 described in security bulletin MS07-002" (Microsoft)

    This problem occurs because of the way in which Excel 2000 processes [...] information.

    The above is a machine translation. The English version reads:

    This problem occurs because of the way in which Excel 2000 processes the phonetic information that is embedded in files that are created by using Excel 2000 in the Korean, Chinese, or Japanese executable mode.

    As workarounds, using Excel Viewer 2003 or Excel 2002 / 2003 is suggested.


    ■ 2007.01.11

    ■ Updates

    ■ The home-renovation scam of the PC world: what is a "misleading app"?
    (ITmedia, 2007.01.11)

    So these days things like WinFixer and SystemDoctor are called "misleading applications"? Is that Symantec terminology?

    ■ Vulnerability in Vector Markup Language [...]
    (Microsoft, 2007.01.10)

    ■ Microsoft Outlook vulnerability [...]
    (Microsoft, 2007.01.10)

    Three flaws in Outlook 2000 / 2002 / 2003.

    A patch exists, so apply it. However, once the patch is applied, Office Saved Searches (.oss) files (apparently files that store search criteria) can no longer be saved or opened in Outlook. If you [...] .oss files from here on, set the registry according to the instructions in KB925542.

    Related: Back up or recreate a Search Folder (Microsoft)

    ■ Vulnerability in the Microsoft Office 2003 Portuguese (Brazil) grammar checker [...]
    (Microsoft, 2007.01.10)

    ■ Miscellaneous (2007.01.11)
    (various)

    2007.01.17 update:

    Vulnerability in Acer's LunchApp.APlunch ActiveX control (SANS ISC). Regarding the Acer issue, a patch is reportedly out.

    ■ [ANNOUNCE] X.Org Security Advisory: multiple integer overflows in dbe and render extensions
    (X.Org, 2007.01.10)

    Flaw in the X.Org 6.x / 7.x X server. The functions ProcDbeGetVisualInfo(), ProcDbeSwapBuffer() and ProcRenderAddGlyphs() are flawed, and when the render module or the dbe module is loaded, a user who can access the X server can obtain root privileges [...]

    Patches for X.Org 6.8.2 / 6.9 / 7.0 / 7.1 are available.

    This flaw also appears to exist in XFree86 4.x.


    ■ 2007.01.10

    ■ Updates

    Surprisingly little known? The security problems DNS harbors

    Minda-san's material has been revised: Risks of short TTLs (revised edition of December 27, 2006) (JPRS). Besides the formulas on slides 6 and 7 being changed, there are a few other differences. Slides 9 and 10 now say "確立" ("establishment"), though...

    Adobe Acrobat Reader Plugin - Multiple Vulnerabilities

    The Adobe Reader / Acrobat 7.0.9 update has been released. Users of Adobe Reader / Acrobat 7.0.x [...]

    Microsoft Security Bulletin Advance Notification: 2007.01

    Four were issued. From "January Security Release" (Japan Security Team Blog, 2007.01.10):

    In this month's advance notice we initially announced 8 bulletins, but this has been changed to 4. This is [...] the quality of the updates [...]

    ■ Microsoft Excel vulnerability [...]
    (Microsoft, 2007.01.10)

    Excel has 5 [...]

    None of them is a 0-day.

    Patches are out for Excel 2000 / XP (2002) / 2003, Excel Viewer 2003, Works Suite 2004 / 2005, Office 2004 for Mac and Office v. X for Mac... however, at least the patch for Excel 2000 has a fatal side effect, namely that "once it is applied, Excel files may no longer open", a fact that [...]

    Only Excel 2000 is rated "Severity: Critical", and yet it is Excel 2000 where the defect occurs... [...]

    It seems the patch for Excel 2000 cannot be uninstalled. From MS07-002:

    Removal information
    After you install this update, you cannot remove it. To return to the state before the update was installed, you must remove the application and then reinstall it from the original CD-ROM.

    Overwriting with the EXCEL.EXE of an unpatched Excel 2000 made recovery possible [memo:9199] [memo:9200]. It is probably better to rename the original file and keep it, though.

    2007.01.11 update:

    Finally out: Defect after applying MS07-002 (Excel 2000) (Japan Security Team Blog, 2007.01.11)

    2007.01.12 update:

    A KB article is out: "Excel 2000 cannot open some files after installing security update 925524 described in security bulletin MS07-002" (Microsoft)

    This problem occurs because of the way in which Excel 2000 processes [...] information.

    The above is a machine translation. The English version reads:

    This problem occurs because of the way in which Excel 2000 processes the phonetic information that is embedded in files that are created by using Excel 2000 in the Korean, Chinese, or Japanese executable mode.

    As workarounds, using Excel Viewer 2003 or Excel 2002 / 2003 is suggested.

    2007.01.19 update:

    A new patch for Excel 2000 is out: Re-release of MS07-002 (Japan Security Team Blog, 2007.01.19). [...]

    2007.02.03 update:

    MS07-002 EXCEL Malformed Palette Record Vulnerability DOS POC (milw0rm)


    ■ 2007.01.09

    ■ "spam dies," they say, but I think temporaryinbox.com's service leaks information all over
    (Infrastructure administrator [...])

    It seems to be in rather tattered shape... Thanks to Hanazukin-san for the information.

    ■ Updates

    ■ Miscellaneous (2007.01.09)
    (various)


    ■ 2007.01.08

    ■ Miscellaneous (2007.01.08)
    (various)


    ■ 2007.01.07

    ■ Updates

    MOAB-03-01-2007: Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability

    There appear to be patches in Month of Apple Bugs - Day 3 (Landon Fuller, 2007.01.04) and Month of Apple Bugs - Day 4 (Landon Fuller, 2007.01.05). Thanks to Tama-chan-san for the information.

    Apple QuickTime RTSP URL Handler Vulnerability

    There appears to be a patch in Month of Apple Bugs - Day 1 (Landon Fuller, 2007.01.02). Thanks to Tama-chan-san for the information.


    ■ 2007.01.06

    ■ Miscellaneous (2007.01.06)
    (various)

    ■ MOAB-03-01-2007: Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability
    (MOAB, 2007.01.03)

    Flaw in Quicktime 7.1.3. HREFTrack, which shot to fame through the affair reported as "'QuickTime video worm' spreading infection on MySpace; its aim is phishing", reportedly allows not only XSS but also cross-zone scripting. CVE-2007-0059

    No fix exists for now. The reporter recommends [...]. Even so, regarding HREFTrack: so a QuickTime patch was being distributed only inside MySpace.com...

    2007.01.07 update:

    There appear to be patches in Month of Apple Bugs - Day 3 (Landon Fuller, 2007.01.04) and Month of Apple Bugs - Day 4 (Landon Fuller, 2007.01.05). Thanks to Tama-chan-san for the information.

    ■ Apple QuickTime RTSP URL Handler Vulnerability
    (SANS ISC, 2007.01.03)

    Flaw in QuickTime 7.1.3. The URL handler for the RTSP protocol is flawed, a buffer overflow occurs, and a crafted rtsp:// URL can be used to execute arbitrary code [...] the glorious first entry of the Month of Apple Bugs. CVE-2007-0015

    No fix exists for now. It can be worked around by configuring QuickTime not to handle rtsp:// URLs.

    2007.01.07 update:

    There appears to be a patch in Month of Apple Bugs - Day 1 (Landon Fuller, 2007.01.02). Thanks to Tama-chan-san for the information.

    2007.01.24 update:

    A patch is out: About Security Update 2007-001 (Apple). It seems the version shown by QuickTime does not change even after it is applied.

    2007.01.25 update:

    On Windows, applying Security Update 2007-001 with Apple Software Update seems to update the following.

    • C:\Program Files\QuickTime\QuickTimePlayer.exe
    • C:\Program Files\QuickTime\QTSystem\QuickTime.qts
    • C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx

    The digital signature of the updated QuickTimePlayer.exe looks like this:

    • MD5: 3C4BB567B36ED1F671FAF6DC41472D77
    • SHA1: C8F7D0071599EAAD45A01A69802B79E6C76201F9

    The QuickTimePlayer version itself was still 7.1.3.90.

    ■ Serious security hole in OpenOffice.org V2.0, but...
    (slashdot.jp, 2007.01.05)

    This is about [SA23612] OpenOffice WMF/EMF Processing Buffer Overflow Vulnerabilities. It is reportedly fixed in OpenOffice.org 2.1. According to "Japanese edition of OpenOffice.org v2.1, with multi-display support, released" (Mado no Mori) it is available, so let's update.

    ■ Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
    (Stefano Di Paola, 2007.01.04)

    Reportedly the plugins of Adobe Reader / Acrobat 7.x and earlier have multiple flaws.

    1. Universal Session Riding (CSRF). Affected: Firefox / IE 6 / Opera + Adobe Reader / Acrobat plugin

      Following a link to http://example.com/file.pdf#FDF=http://example.jp/index.html?param=... causes param=... to be sent to example.jp without asking the user, which can apparently be used for CSRF attacks. Besides FDF (Forms Data Format), XML= and XFDF= reportedly behave the same way. CVE-2007-0044

    2. Universal XSS. Affected: Firefox + Adobe Reader / Acrobat plugin

      Following a link to http://example.com/file.pdf#FDF=javascript:alert('Test Alert') causes JavaScript to be executed in Firefox [...]

      It seems anything will do after the #.

    3. Remote code execution. Affected: Firefox + Adobe Reader / Acrobat plugin

      Following a link to http://example.com/file.pdf#FDF=javascript:document.write('jjjjj...'); can trigger memory corruption inside Firefox, and with this arbitrary code can be executed [...] CVE-2007-0046

    4. DoS. Affected: IE 6 + Adobe Reader / Acrobat plugin

      Following a link to http://example.com/file.pdf#####...(More '#') apparently puts IE 6 into a DoS state. CVE-2007-0048

    These flaws are fixed in Adobe Reader / Acrobat 8.x... but the environments that can move to 8.x are limited. According to APSA07-01: Cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat (Adobe), an Adobe Reader / Acrobat 7.0.9 Update is expected to appear during the coming week.

    For users who cannot upgrade to Reader 8, the Secure Software Engineering team is working with the Adobe Reader Engineering team on a 7.0.9 update to versions 7.0.8 and earlier of Adobe Reader and Acrobat that will resolve this issue, which is expected to be available in the next week.

    To work around these flaws, keep the web browser from handing PDF files to the Adobe Reader / Acrobat plugin. This can be configured either on the web browser side or on the web server side.
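For sites that publish user-supplied HTML, the four link shapes listed in this entry can be looked for before the content is served. The following Python is an added example, not code from this memo, from the reporter or from Adobe; the finding labels, the function names and the HASH_FLOOD threshold are assumptions, and the sample HTML is constructed from the placeholder hosts used above.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

DATA_KEYS = {"fdf", "xml", "xfdf"}  # parameter names named in the entry above
HASH_FLOOD = 32                     # assumed cut-off for the "#####..." case


def classify_pdf_link(url):
    """Return sorted finding labels for one URL; an empty list means not flagged."""
    parts = urlsplit(url.strip())
    if not parts.path.lower().endswith(".pdf") or not parts.fragment:
        return []
    fragment = unquote(parts.fragment)
    findings = set()
    if fragment.count("#") >= HASH_FLOOD:
        findings.add("hash-flood")                  # item 4
    for pair in fragment.split("&"):
        key, sep, value = pair.partition("=")
        value = (value if sep else key).strip()
        scheme = value.split(":", 1)[0].lower() if ":" in value else ""
        if scheme == "javascript":
            # Items 2 and 3: the parameter name does not matter.
            findings.add("script-in-fragment")
        elif key.lower() in DATA_KEYS and scheme in ("http", "https"):
            # Item 1: form data requested from another host without a prompt.
            target = urlsplit(value).hostname
            if target and target != parts.hostname:
                findings.add("cross-site-request")
    return sorted(findings)


class _LinkCollector(HTMLParser):
    """Collect URL-bearing attributes from anchors, frames, embeds and objects."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "data") and value:
                self.links.append(value)


def scan_html(html):
    """Return {url: findings} for every flagged PDF link in an HTML document."""
    collector = _LinkCollector()
    collector.feed(html)
    report = {}
    for url in collector.links:
        findings = classify_pdf_link(url)
        if findings:
            report[url] = findings
    return report


# Constructed sample input, reusing the placeholder hosts from the entry above.
SAMPLE_HTML = (
    '<a href="http://example.com/manual.pdf#page=3">page jump</a>\n'
    '<a href="http://example.com/file.pdf#FDF=http://example.jp/index.html?param=1">form</a>\n'
    '<a href="http://example.com/file.pdf#x=javascript:alert(\'Test Alert\')">report</a>\n'
    '<iframe src="http://example.com/file.pdf' + "#" * 64 + '"></iframe>\n'
)

if __name__ == "__main__":
    for link, found in scan_html(SAMPLE_HTML).items():
        print(found, link[:70])
```

Because the fragment is never sent to the web server, this check has to run on the content that carries the link (comments, mail, wiki pages), not on access logs.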

    ■ Microsoft Security Bulletin Advance Notification: 2007.01
    (Microsoft, 2007.01.05)

    • Windows: 3. Maximum severity is "Critical"
    • Windows / Visual Studio: 1. Maximum severity is "Important"
    • Windows / Office: 1. Maximum severity is "Important"
    • Office: 3. Maximum severity is "Critical"

    A total of 8, then. In addition, WSUS / Microsoft Update will reportedly carry 2 "non-security high-priority updates".

    2007.01.06 update:

    With the single remark "We have changed the content of the advance notice originally published", the content has changed considerably.

    • Windows: 1. Maximum severity is "Critical"
    • Office: 3. Maximum severity is "Critical"

    The total has been halved to 4. The release of 2 "non-security high-priority updates" via WSUS / Microsoft Update is unchanged.

    2007.01.10 update:

    Four were issued. From "January Security Release" (Japan Security Team Blog, 2007.01.10):

    In this month's advance notice we initially announced 8 bulletins, but this has been changed to 4. This is [...] the quality of the updates [...]

    2007.01.12 update:

    Detection and deployment guidance for the January 9, 2007 security release (Microsoft)

    2007.01.16 update:

    January 2007 Security Release ISO Image (Microsoft)


    ■ 2007.01.02


    ■ 2007.01.01

