Security Hole memo - 2007.05

Last modified: Thu Aug 16 12:42:22 2007 +0900 (JST)


  Before using the information on this page, please read the notes.


■ 2007.05.31

■ Addendum

Multiple flaws in Samba

  Related: Samba remote code [...] (ISSKK)

■ [Clamav-announce] announcing ClamAV 0.90.3
(ClamAV, 2007.05.31)

  It says "This release fixes some security bugs in libclamav". ClamAV 0.91rc1 is also out.

2007.06.11 addendum:

  CVE:

■ Miscellaneous (2007.05.31)
(various)

2007.06.04 addendum:

  The Japanese version of F-Secure Security Bulletin FSC-2007-4 is out.

■ F-Secure Security Bulletin FSC-2007-3: Vulnerabilities in scanning of specially crafted archives and certain packed executables
(F-Secure, 2007.05.30)

  Flaw in F-Secure Anti-Virus. Certain archive files and packed files put it into a DoS condition. CVE-2007-2967

  It is being updated automatically.

2007.06.04 addendum:

  The Japanese version is out: Security Advisory FSC-2007-3 and countermeasures: To customers using F-Secure anti-virus products (F-Secure Japan)

■ F-Secure Security Bulletin FSC-2007-2: IOCTL vulnerability in Real-time Scanning component of F-Secure workstation and file server products for Windows
(F-Secure, 2007.05.30)

  Flaw in F-Secure Anti-Virus for Windows. On-access scanning has a flaw that apparently lets a local user escalate privileges. CVE-2007-2965

  F-Secure AntiVirus / Internet Security 2005 to 2007 and F-Secure Protection Service for Consumers 5.00 to 6.40 are being updated automatically. Fixes are available for the other products as well, so apply them.

2007.06.04 addendum:

  The Japanese version is out: Security Advisory FSC-2007-2 and countermeasures: To customers using F-Secure anti-virus products for Windows - request to apply the fix module - (F-Secure Japan)

■ F-Secure Security Bulletin FSC-2007-1: Buffer overflow vulnerability in handling of specially crafted LHA archives
(f-secure, 2007.05.30)

  Flaw in F-Secure Anti-Virus. LHA archive handling has a flaw, and with a crafted LHA archive, arbitrary code [...] Of the five gzip issues in a row, this appears to be the one in JVNVU#381508: [...] in the array handling of gzip's make_table() (JVN). CVE-2007-2966

  F-Secure AntiVirus / Internet Security 2005 to 2007 and F-Secure Protection Service for Consumers 5.00 to 6.40 are being updated automatically. Fixes are available for the other products as well, so apply them. I wonder whether things like F-Secure Anti-Virus for Linux Servers are meant to be fixed in the latest version.

2007.06.04 addendum:

  The Japanese version is out: Security Advisory FSC-2007-1 and countermeasures: To customers using F-Secure anti-virus products for Windows - request to apply the fix module - (F-Secure Japan). The affected products are not only the Windows versions, though... are you actually reading the contents? > F-Secure Japan.

■ Fixed in Firefox 2.0.0.4
(mozilla.org, 2007.05.31)

  Firefox 2.0.0.4 is out. Five flaws are fixed. Thanks to Kaneko-san for the information.

  Also released at the same time:

  Thunderbird 2.0.0.4 does not appear to be out yet.


■ 2007.05.30

■ About Security Update (QuickTime 7.1.6)
(Apple, 2007.05.29)

  Two flaws in QuickTime 7.1.6 (and earlier?).

  Patches to apply to QuickTime 7.1.6 have been released: Windows, Mac

  It's not really clear whether this means the fixes in QuickTime 7.1.6 were insufficient or whether these are separate flaws. Also, the flaws that apparently were not fixed in QuickTime 7.1.6 (CVE-2007-2295, CVE-2007-2296) probably aren't fixed this time either.

2007.06.01 addendum:

  Related: Apple QuickTime code [...] (ISSKK). This is the CVE-2007-2388 issue.

■ About Security Update 2007-005
(Apple, 2007.05.24)

  Security fix patch for Mac OS X 10.3.9 / 10.4.9.

■ Addendum

KB937383 - Microsoft Update or Windows Update does not finish

  Svchost /MSI issue follow up: (WSUS Product Team Blog, 2007.05.15) was out.


■ 2007.05.29


■ 2007.05.28


■ 2007.05.27

■ Security Vulnerabilities in the SOCKS Module of Sun Java System Web Proxy Server 4.0
(Sun, 2007.05.25)

  Flaw in Sun Java System Web Proxy Server 4.0.4 and earlier. The socks server [...]

  Fixed in Sun Java System Web Proxy Server 4.0.5.


■ 2007.05.26

■ Addendum

Fake security software gets a version upgrade too: Japanese 2007 edition appears

  Apparently it is at http://jp.winantivirus.com/download/2007/. Thanks to Toni-san for the information.


■ 2007.05.25

■ Addendum

Advisory: Malicious torrent files can execute arbitrary code in Opera

  iDefense Security Advisory 05.23.07: Opera Software Opera Web Browser Transfer Item Pop-up Menu Stack Overflow Vulnerability

■ Miscellaneous (2007.05.25)
(various)

■ 933215 - Symantec AntiVirus cannot detect viruses after you install a hotfix on a computer that is running Windows Server 2003 or Windows XP SP2
(Microsoft, 2007.05.18)

  When the patch from 922582 - Error message "0x80070002" is displayed when updating a Microsoft Windows-based computer (Microsoft) is applied to Windows XP SP2 / Server 2003,

in that case the Symantec AntiVirus check reportedly does not work properly on those encrypted files.

  The patch [...] from Microsoft's paid support [...]

■ Fake security software gets a version upgrade too: Japanese 2007 edition appears
(ITmedia, 2007.05.24)

  This is the Japanese edition of WinAntiVirus Pro 2007, apparently. Articles from the same source:

  I wonder how one actually reaches the page for the Japanese 2007 edition...

2007.05.26 addendum:

  Apparently it is at http://jp.winantivirus.com/download/2007/. Thanks to Toni-san for the information.


■ 2007.05.24

■ Addendum

Miscellaneous (2007.04.24)

  Regarding the McAfee item about VSE 8.0i: for some reason the Japanese version has come out only now. Thanks to the person who wishes to remain anonymous for the information.

■ IETF approves sender domain authentication technology "DKIM" as a proposed standard
(Nikkei IT Pro, 2007.05.24)

  DKIM (RFC 4871) has apparently become a Proposed Standard.


■ 2007.05.23

■ Addendum

KB937383 - Microsoft Update or Windows Update does not finish

  The KB927891 fix is being distributed through WSUS, as announced. I was prompted to restart.

  Microsoft Security Advisory (927891) Fix for Windows Installer (MSI) is also out. KB927891 - You receive an access violation error and the system may appear to become unresponsive when you try to install an update from Windows Update or from Microsoft Update (rev.8.0) contains this statement:

To resolve this problem, you must install this update together with the Windows Update Automatic Client 3.0. The Windows Update Automatic Client 3.0 will automatically be released through Automatic Updates by June 30, 2007. The updated Windows Client changes the thread modeling to move MSI scans to a thread that is separate from the user interface.

  It looks like it will arrive through Automatic Updates on 6/30 (presumably US time).

  Also, the KB927891 fix for Windows 2000 appears to have been distributed after all. It came through WSUS, and it is also in the Download Center: Update for Windows 2000 (KB927891) (Microsoft). Thanks to Jubilee-san for the information.

Microsoft Security Advisory (937696) Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office

  Related: Two Advisories on Non-Security Updates (MSRC blog, 2007.05.22)

■ GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability
(gamasec.net, 2007.04.14)

  Using the fullwidth characters (fullwidth alphanumerics and so on, FULLWIDTH xx) and halfwidth characters (halfwidth kana and so on, HALFWIDTH xx) contained in Unicode (FF00-FFEF) reportedly makes it possible to evade IDS, IPS and WAF products. Checkpoint, ISS, Cisco and 3com appear to be affected. Besides the characters that were originally in JIS X 0201 and JIS X 0208, the block also includes Hangul and the like. I suppose these really are unfamiliar characters to anyone who is not Japanese or Korean.
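  The defensive counterpart to the issue above, as an added example (not from the original memo or from the GS07-01 advisory): percent-decode the input, fold the FF00-FFEF forms with NFKC, and only then match signatures. The two signatures, the function names and the sample values are constructed for illustration.

```python
import unicodedata
from urllib.parse import unquote

# Halfwidth and Fullwidth Forms block cited in the memo (FF00-FFEF).
BLOCK_START, BLOCK_END = 0xFF00, 0xFFEF

# Constructed, deliberately tiny rule set standing in for IDS/IPS/WAF signatures.
SIGNATURES = ("<script", "union select")


def width_variants(text):
    """Return the characters of `text` that fall in the FF00-FFEF block."""
    return [ch for ch in text if BLOCK_START <= ord(ch) <= BLOCK_END]


def canonicalize(raw):
    """Percent-decode as UTF-8, then fold compatibility forms with NFKC.

    NFKC maps fullwidth Latin letters and punctuation to their ASCII
    counterparts and halfwidth katakana to ordinary katakana, so ASCII
    signatures see the text a backend may end up interpreting.
    """
    decoded = unquote(raw, encoding="utf-8", errors="replace")
    return unicodedata.normalize("NFKC", decoded).lower()


def match(text):
    """Return the signatures found in `text` by plain substring search."""
    return [sig for sig in SIGNATURES if sig in text]


def inspect(raw):
    """Compare what a literal matcher sees with what a normalizing one sees."""
    decoded = unquote(raw, encoding="utf-8", errors="replace")
    raw_hits = match(decoded.lower())
    norm_hits = match(canonicalize(raw))
    variants = width_variants(decoded)
    return {
        "width_variants": len(variants),
        "raw_hits": raw_hits,
        "normalized_hits": norm_hits,
        # A signature that fires only after folding means the width variants
        # were hiding the match; legitimate kana or fullwidth text alone
        # does not set this flag.
        "evasion_suspected": bool(variants)
        and any(hit not in raw_hits for hit in norm_hits),
    }


# Constructed sample parameter values (not captured traffic).
SAMPLES = {
    "plain": "q=<script>",
    "fullwidth_pct": "q=%EF%BC%9Cscript%EF%BC%9E",
    "fullwidth_letters": "q=1 \uff55\uff4e\uff49\uff4f\uff4e "
                         "\uff53\uff45\uff4c\uff45\uff43\uff54 x",
    "halfwidth_kana": "name=\uff76\uff80\uff76\uff85",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, inspect(value))
```

  The halfwidth kana sample shows why the presence of FF00-FFEF characters alone is not a useful alert for Japanese or Korean traffic; the signal is a signature that matches only after normalization.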

■ Miscellaneous (2007.05.23)
(various)


■ 2007.05.22

■ Virus that displays a "bad bunny" abuses OpenOffice's macro feature
(Nikkei IT Pro, 2007.05.22)

  This is about BadBunny seen in "the wild" - OpenOffice multiplatform macro worm discovered (Sophos, 2007.05.21).

The distinguishing feature of this virus is that it runs on multiple OSes. Because it abuses the macro feature of OpenOffice.org, it runs regardless of OS in any environment where OpenOffice.org is installed. Specifically, it runs on Windows, Mac OS and Linux alike.

  That's OpenOffice.org for you. Wonderful.

2007.05.25 addendum:

  The Nikkei IT Pro article says

Opening a document file in which the virus has been planted reportedly downloads and displays an adult image.

and SB.Badbunny (Symantec) gives the URL of the image in question. It is indeed an adult image.

  So it uses JavaScript, Perl, Ruby and IRC... And on top of that it pings anti-virus vendor sites.

2007.06.11 addendum:

  Naughty bunny, [...] OpenOffice worm that infects Mac, Linux and Windows -- security firm warns (CNET, 2007.06.11)

■ Microsoft Security Advisory (937696) Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office
(Microsoft, 2007.05.22)

  "Microsoft Office Isolated Conversion Environment (MOICE): software for converting to the Open XML format" and "a file block feature usable with Office 2003 / 2007" have apparently been released. But the Japanese makes no sense, so here is my own translation:

2007.05.23 addendum:

  Related: Two Advisories on Non-Security Updates (MSRC blog, 2007.05.22)

■ Advisory: Malicious torrent files can execute arbitrary code in Opera
(Opera.com, 2007.05.21)

  Flaw in Opera 9.x. torrent file handling has a buffer overflow flaw, and with a crafted torrent file, arbitrary code [...] is triggered only in the case where [...]

  Fixed in Opera 9.21.

  Related: How can I disable the BitTorrent client in Opera? (opera.com)

2007.05.25 addendum:

  iDefense Security Advisory 05.23.07: Opera Software Opera Web Browser Transfer Item Pop-up Menu Stack Overflow Vulnerability


■ 2007.05.21

■ Notice of release of Security Patch for InterScan Messaging Security Suite 5.11 Solaris / Linux
(Trend Micro, 2007.05.21)

  So this is the [SECURITY] OpenSSL 0.9.8c and 0.9.7k released issue... Maybe it would be better to just migrate to IMSS 7.

■ Addendum

KB937383 - Microsoft Update or Windows Update does not finish

  Related: Fixing the bug where CPU load reaches 100% during Automatic Updates and the like (@IT, 2007.05.18)

  According to reports on the BBS below and elsewhere, it has been reported that, after the above steps, additionally deleting the Windows Update.log and WindowsUpdate.log files in the %windir% folder reduces the load during scanning.

* Discussion thread on this issue (HotFix Report BBS)

  I wonder whether WUA is parsing the log files or something...

■ In cases where you thought it was https but end up communicating over http, Firefox often cannot cancel
(muumoo.jp, 2007.02.07 (info from 水無月ばけらのえび日記))

  In Firefox 2.0.0.3, about:config shows this.

  For now, with all of them checked, trying to browse https://www.microsoft.com while browsing http://www.microsoft.com produces this warning.

  Trying to browse http://www.microsoft.com while browsing https://www.microsoft.com gives this.

  Both default to "warning OFF", and on top of that, unless you tick "warn every time" before pressing ok, the warning disappears from then on. To prevent this, it seems you can set security.<something>.show_once to false. With false, the ticked state appears to become the default.

  So, setting things up like this seems to improve matters in part.

  If there are other settings that improve this, please let me know _o_. I wonder whether there is a demo site somewhere for checking the "even when an HTTPS page is making HTTP requests via JSONP..." case.


■ 2007.05.19


■ 2007.05.18

■ Workaround available for security vulnerability caused by installing Adobe Version Cue CS3 Server on some Mac systems
(Adobe, 2007.05.16)

  Installing Adobe Version Cue CS3 Server on Mac OS X reportedly leaves the Mac OS X personal firewall disabled. CVE-2007-2682. After installation, the personal firewall [...]

■ [SA25300] CA BrightStor ARCserve Backup Two Denial of Service Vulnerabilities
(secunia, 2007.05.17)

  Two DoS flaws in BrightStor ARCserve Backup 11.x. Mediasvr.exe and caloggerd.exe [...] DoS attacks [...]

  There does not appear to be a fix yet. CA recommends running ren mediasvr.exe mediasvc.exe.disable and then restarting the CA BrightStor Tape Engine service.

■ SYM07-007: Buffer overflow [...] in an ActiveX control of Symantec Norton Personal Firewall 2004
(Symantec, 2007.05.16)

  The ActiveX control (ISLALERT.DLL) bundled with Norton Personal Firewall 2004 and Norton Internet Security 2004 has a buffer overflow flaw, and a crafted web page [...] arbitrary code [...] CVE-2007-1689

  Updating to the latest state with LiveUpdate fixes it. Personally, I am more surprised that NIS 2004 is still being maintained.


■ 2007.05.17

■ Changes to the content of advance notifications and a redesign of security bulletins
(Japan Security Team Blog, 2007.05.17)

  Starting next month, apparently. Sample. I do think it has become easier to read.

■ Addendum

Cumulative Security Update for Internet Explorer (931768) (MS07-027)

  After applying the patch, IE 7 can apparently misbehave when "Temporary Internet Files" is in an unusual location (moved from the default location to somewhere else).

  On Vista, the conditions for it to occur are:

  • "Temporary Internet Files" is outside the user folder hierarchy (e.g. it has been moved to another volume)
  • Phishing Filter is enabled
  • Protected mode is enabled

  On Windows XP / Server 2003, it apparently occurs when either of the following holds:

  • The folder hierarchy containing "Temporary Internet Files" has been deleted
  • The permissions on "Temporary Internet Files" have been changed

  Workarounds are described, so please refer to them.


■ 2007.05.16

■ Addendum

About the security content of QuickTime 7.1.3

  At some point, CVE-2007-0754 was added, and only to the English version of About the security content of QuickTime 7.1.3. This is the TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability issue.

■ JVN#81294906: Homepage Builder [...]
(JVN, 2007.05.16)

  Flaw in IBM Homepage Builder 2000 / 2001 / V6 to V11. The bundled sample CGI programs have a flaw that leads to OS command injection. Thanks to cadz-san for the information.

  Homepage Builder sample CGI [...] (IBM) publishes a remediation method and a fix.

■ Addendum

Multiple flaws in Samba

Related:


■ 2007.05.15

■ Miscellaneous (2007.05.15)
(various)

■ Multiple flaws in Samba
(samba.org, 2007.05.14)

  Multiple flaws exist in Samba 3.x (note: Samba 2.x [...]

  These flaws are fixed in Samba 3.0.25. Note, however, that Samba 3.0.25 reportedly also includes specification changes.

2007.05.31 addendum:

  Related: Samba remote code [...] (ISSKK)

2007.06.03 addendum:

  Samba Update (Symantec blog, 2007.06.01).


■ 2007.05.14

■ Addendum

Windows kernel [...] elevation [...] (931784) (MS07-022)

  Windows kernel [...] elevation [...] (931784) (MS07-022) (eEye / Sumisho Computer Systems). Thanks to Takahashi-san for the information.

CSRSS [...]

  CSRSS [...] (eEye / Sumisho Computer Systems). Thanks to Takahashi-san for the information.


$B"#(B 2007.05.13


$B"#(B 2007.05.12


$B"#(B 2007.05.11

$B"#(B KB937383 - Microsoft Update $B$^$?$O(B Windows Update $B$,=*N;$7$J$$(B
(Microsoft, 2007.05.11)

$B!!(BOffice 2003 $B$r%$%s%9%H!<%k$7$F$"$k(B Windows $B$G<+F099?7$d(B Windows Update / Microsoft Update $B$ru67$K$J$k$h$&$G$9!#(B $B$3$N$"$?$j$G5DO@$5$l$F$$$kOC(B:

$B!!(BWSUS$BG[2<$G(BCPU$B;HMQN((B100% $B$N$$$o$5$5$s$NEj9F$,$h$/$^$H$^$C$F$$$^$9(B ($B86J8%^%^(B)$B!#(B

$B!&K\7o$O(BOffice2003$B$N4D6-$GH/@8$9$k!#(B
$B!&A4@$3&$GH/@8$7$F$$$k(B
$B!&(BOffice2003$B$N=$@5%W%m%0%i%`%j%9%H$,D9$$$N$b860x$N0lIt(B
$B!&(Bwu$B%/%i%$%"%s%H$,=$@5$b%8%e!<%k$r2r@O$9$k$N$K%Q%o!<$r?)$C$F$$$k!#(B
$B!&$3$N$H$-(Bwu$B%/%i%$%"%s%H$O(Bsvchost.exe$B$NG[2<$GAv$k$?$a!"(Bsvchost$BG[2<$N$9$Y$F$N%W%m%;%9$K1F6A$9$k!#(B

$B!!2r7hJ}K!$O!"(BKB927891 $B=$@5%W%m%0%i%`$H(B Windows Update Agent (WUA) 3.0 client $B$NN>J}$r%$%s%9%H!<%k$9$k$3$H!#(B $B$?$@$7(B Windows 2000 $B$N>l9g$O(B WUA 3.0 client $B$N$_$NBP1~$H$J$k!#(B WUA 3.0 client $B$O(B KB937383 $B$+$iF~!"(B2007.05.22 (US $B;~4V$@$m$&(B) $B$K$O(B WSUS $B7PM3$G$bMxMQ$G$-$k$h$&$K$J$kLOMM!#(B

2007.05.21 addendum:

  Related: Fixing the bug where CPU load reaches 100% during Automatic Updates and the like (@IT, 2007.05.18)

  According to reports on the BBS below and elsewhere, it has been reported that, after the above steps, additionally deleting the Windows Update.log and WindowsUpdate.log files in the %windir% folder reduces the load during scanning.

* Discussion thread on this issue (HotFix Report BBS)

  I wonder whether WUA is parsing the log files or something...

2007.05.23 addendum:

  The KB927891 fix is being distributed through WSUS, as announced. I was prompted to restart.

  Microsoft Security Advisory (927891) Fix for Windows Installer (MSI) is also out. KB927891 - You receive an access violation error and the system may appear to become unresponsive when you try to install an update from Windows Update or from Microsoft Update (rev.8.0) contains this statement:

To resolve this problem, you must install this update together with the Windows Update Automatic Client 3.0. The Windows Update Automatic Client 3.0 will automatically be released through Automatic Updates by June 30, 2007. The updated Windows Client changes the thread modeling to move MSI scans to a thread that is separate from the user interface.

  It looks like it will arrive through Automatic Updates on 6/30 (presumably US time).

  Also, the KB927891 fix for Windows 2000 appears to have been distributed after all. It came through WSUS, and it is also in the Download Center: Update for Windows 2000 (KB927891) (Microsoft). Thanks to Jubilee-san for the information.

2007.05.30 addendum:

  Svchost /MSI issue follow up: (WSUS Product Team Blog, 2007.05.15) was out.

■ Addendum

SYM07-005 : Symantec COM object security bypass

  Japanese version: SYM07-005 : [...] in Symantec products where a COM object bypasses security (Symantec)

Cumulative Security Update for Internet Explorer (931768) (MS07-027)

  PoC: MS07-027 mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification (milw0rm). So it was something that just works this plainly.

McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability

  PoC: McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability (milw0rm)


■ 2007.05.10

■ JVN#44724673: In Java Web Start, system classes that are not permitted [...]
(JVN, 2007.05.08)

  Flaw in the Java Web Start included in SDK / JRE 1.4.2 Update 13 and earlier and JDK / JRE 5 Update 10 and earlier. An untrusted application can read and write local files, [...] arbitrary code [...] CVE-2007-2435

  Fixed in SDK / JRE 1.4.2 Update 14 and JDK / JRE 5 Update 11. Note that installing a new version of the SDK / JDK / JRE leaves the old versions in place. Old versions must be removed explicitly.

2007.07.15 addendum:

  In JDK / JRE 5 Update 6 and later and in JDK / JRE 6, the handling of requests for an old JRE version has been improved, and it seems that simply installing the latest version is enough. See "The problem that old JREs do not disappear even after a Java Update" in Continued: the Ministry of Health, Labour and Welfare's [...] (高木浩光＠自宅の日記, 7/10).

  Which versions are specified as the security baseline is stated in the Java SE release notes. For example, "Changes in 1.6.0_02" in the Java SE 6 Update Release Notes (Sun) has this table.

JRE Family Version   Security Baseline
5.0                  1.5.0_12
1.4.2                1.4.2_14

■ SYM07-005 : Symantec COM object security bypass
(Symantec, 2007.05.09)

  Flaw in Norton AntiVirus 2005 / 2006, Norton Internet Security 2005 / 2006 and Norton System Works 2005 / 2006. The NAVOPTS.DLL ActiveX control has a flaw, and on visiting a crafted web site, arbitrary code [...] CVE-2006-3456

  To address it, update to the latest version with LiveUpdate. Related:

2007.05.11 addendum:

  Japanese version: SYM07-005 : [...] in Symantec products where a COM object bypasses security (Symantec)

■ McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability
(iDefense, 2007.05.08)

  Flaw in McAfee Security Center, which is used by McAfee's consumer anti-virus products. The IsOldAppInstalled ActiveX control has a buffer overflow flaw, and on visiting a crafted web site, arbitrary code [...]

  Fixed in SecurityCenter 7.2.147 / 6.0.25. See McAfee Security Bulletin: McAfee SecurityCenter 7.2.147 or higher fixes vulnerability (McAfee). [...]

2007.05.11 addendum:

  PoC: McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability (milw0rm)

■ Cisco Security Advisory: Multiple Vulnerabilities in the IOS FTP Server
(Cisco, 2007.05.10)

  Multiple flaws in the FTP server feature of Cisco IOS. From remote, the IOS device file system can be accessed without authentication, configuration files can be read and written, and arbitrary code [...]

  Disabling the FTP server feature avoids the issue (it is disabled by default).

■ Addendum

Two flaws in Trend Micro ServerProtect 5.58 for Windows (the Japanese patch was already out _o_)

  Corrected the CVE number for [Full-disclosure] ZDI-07-025: Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerabilit to CVE-2007-2528.

New PHP releases

  • CVE-2007-2511: Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.
  • CVE-2007-2510: Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.
  • CVE-2007-2509: CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
  • CVE-2007-1864: Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

Cumulative Security Update for Internet Explorer (931768) (MS07-027)

  931768 - MS07-027: Cumulative Security Update for Internet Explorer (Microsoft) has a list of the items that get fixed along with applying the patch. The ones that look to have the biggest impact are probably 934819 - FIX: After you install Internet Explorer 7, the Inetinfo.exe process may stop responding on a computer that is running both Windows Server 2003 Service Pack 1 and IIS 6.0 and 932600 - In some scenarios, you must remove Windows Server 2003 SP2 before you upgrade to the full retail version of Windows Small Business Server 2003 or before you migrate to Windows Server 2003. Note that these are fixed in the GDR version.

Security releases scheduled for May 2007

  Summary pages:


■ 2007.05.09

■ Windows DNS RPC interface [...]
(Microsoft, 2007.05.09)

  Flaw in Windows 2000 Server / Server 2003. This is the Microsoft Security Advisory (935964) Windows DNS Server RPC [...] issue. CVE-2007-1748

  A patch is available, so apply it.

2007.06.29 addendum:

  Lessons Learned from MS07-029: The DNS RPC Interface Buffer Overrun (The Security Development Lifecycle blog, 2007.06.28)

■ CAPICOM [...]
(Microsoft, 2007.05.09)

  Flaw in Cryptographic API Component Object Model (CAPICOM) and BizTalk 2004. The CAPICOM.dll ActiveX control has a flaw, and a crafted web page [...] arbitrary code [...] CVE-2007-0940

  A patch is available, so apply it. Note, however, that this patch does not delete old (flawed) copies of CAPICOM.dll. See the explanation in the May security release (Japan Security Team Blog).

■ Cumulative Security Update for Internet Explorer (931768) (MS07-027)
(Microsoft, 2007.05.09)

  Multiple flaws in Internet Explorer 5.01 SP4 / 6.0 SP1 / 6.0 SP2 / 7.

  A patch is available, so apply it. The patch also [...]

2007.05.10 addendum:

  931768 - MS07-027: Cumulative Security Update for Internet Explorer (Microsoft) has a list of the items that get fixed along with applying the patch. The ones that look to have the biggest impact are probably 934819 - FIX: After you install Internet Explorer 7, the Inetinfo.exe process may stop responding on a computer that is running both Windows Server 2003 Service Pack 1 and IIS 6.0 and 932600 - In some scenarios, you must remove Windows Server 2003 SP2 before you upgrade to the full retail version of Windows Small Business Server 2003 or before you migrate to Windows Server 2003. Note that these are fixed in the GDR version.

2007.05.11 addendum:

  PoC: MS07-027 mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification (milw0rm). So it was something that just works this plainly.

2007.05.17 addendum:

  After applying the patch, IE 7 can apparently misbehave when "Temporary Internet Files" is in an unusual location (moved from the default location to somewhere else).

  On Vista, the conditions for it to occur are:

  On Windows XP / Server 2003, it apparently occurs when either of the following holds:

  Workarounds are described, so please refer to them.

2007.08.16 addendum:

  The "Temporary Internet Files" problem above was fixed in Microsoft Security Bulletin MS07-045 - Critical: Cumulative Security Update for Internet Explorer (937143) (Microsoft). Related: IE August Security Update is Now Available (IEblog, 2007.08.14)

■ Microsoft Exchange [...]
(Microsoft, 2007.05.09)

  Multiple flaws in Exchange 2000 / 2003 / 2007.

  A patch is available, so apply it.

■ Microsoft Office [...]
(Microsoft, 2007.05.09)

  Flaw in Microsoft Office 2000 / XP (2002) / 2003 / 2007 and Microsoft Office 2004 for Mac. Drawing object handling has a flaw, and with a crafted Office document, arbitrary code [...] CVE-2007-1747

  A patch is available, so apply it.

2007.08.03 addendum:

  MS07-025 has been revised. The "Microsoft Office Compatibility Pack for Word / Excel / PowerPoint 2007 File Formats" is also [...] by this flaw [...]

■ Microsoft Word [...]
(Microsoft, 2007.05.09)

  Multiple flaws in Microsoft Word 2000 / 2002 (XP) / 2003, Word Viewer 2003, Works Suite 2004 / 2005 / 2006 and Microsoft Office 2004 for Mac.

  A patch is available, so apply it.

■ Microsoft Excel [...]
(Microsoft, 2007.05.09)

  Multiple flaws in Excel 2000 / 2002 (XP) / 2003 / 2007, Excel Viewer 2003, Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats and Microsoft Office 2004 for Mac.

  A patch is available, so apply it. Note that the patch for the Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats is not applied by Office Update or Microsoft Update. It has to be downloaded and applied separately.

■ Addendum

Security releases scheduled for May 2007

  It's out: May security release (Japan Security Team Blog, 2007.05.09). I think this may be the first time that all 7 items are "Critical". "Microsoft Security Advisory (933052) Microsoft Word [...]" and "Microsoft Security Advisory (935964) Windows DNS Server RPC [...]" are also fixed.

Miscellaneous (2007.05.01)

  Winamp 5.34a Security Patch, which addresses Winamp <= 5.34 .MP4 File Code Execution (milw0rm), has been released. Thanks to Float-san for the information.


■ 2007.05.08

■ Two flaws in Trend Micro ServerProtect 5.58 for Windows (the Japanese patch was already out _o_)
(Zero Day Initiative, 2007.05.08)

  Two flaws in Trend Micro ServerProtect 5.58 for Windows.

  Judging by the build number, the Japanese-version ServerProtect for Windows/NetWare 5.58 Security Patch 1(Build_1176) appears to correspond to ServerProtect 5.58 for Windows Security Patch 3 - Build 1176. Alert/Advisory: ZDI-07-025 ServerProtect AgRpcCin.dll stack overflow [...] (Trend Micro) also states that Security Patch 1 addresses it. According to this, ServerProtect for NetApp 5.62 and ServerProtect for EMC 5.58 have the same kind of flaw as well, and it is reportedly fixed in their Security Patch.

2007.05.10 addendum:

  Corrected the CVE number for [Full-disclosure] ZDI-07-025: Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerabilit to CVE-2007-2528.

■ MoAxB - Month of ActiveX Bug
(MoAxB)

■ Miscellaneous (2007.05.08)
(various)

■ Multiple Vendors ZOO File Decompression Infinite Loop DoS
(SecuriTeam, 2007.05.07)

  Flaw in Barracuda Spam Firewall, Panda AntiVirus, avast!, AntiVir, zoo 2.10, unzoo.c, WinAce and PicoZip. ZOO archive handling has a flaw, and a particular ZIP archive sends it into an infinite loop. PoC code is attached.

  • Barracuda Spam Firewall: CVE-2007-1669. Addressed in virusdef 2.0.6399 (firmware 3.4 and later) / 2.0.6399o (firmware below 3.4).
  • Panda AntiVirus: CVE-2007-1670. Addressed in the 2007.04.02 update.
  • avast!: CVE-2007-1672. Addressed in 4.7.981 (2007.04.14).
  • AntiVir: CVE-2007-1671. Addressed in the 2007.03.22 update (avpack32.dll 7.3.0.6).
  • zoo 2.10: CVE-2007-1669. A patch is attached to the advisory. Without the patch it goes into an infinite loop, and with the patch it does not [...]
  • unzoo.c: CVE-2007-1673. Not addressed
  • WinAce: CVE-2007-2535. Not addressed
  • PicoZip: CVE-2007-2536. Not addressed

■ 2007.05.07


■ 2007.05.06

  • 》 Measures against falsified earthquake-resistance data: revision of calculation software delayed, will not be ready in time for the new system (asahi.com, 5/7)

    The Ministry of Land, Infrastructure, Transport and Tourism's sample survey found questionable points in about 10% of newly built condominiums, among other things, and sloppier structural design than anticipated is spreading [...] the review of the program criteria that the ministry is supposed to present has dragged on and no final decision could be made, and software compan[...]

      So it's the ministry that's at fault, then. I mean,

    The ministry has not yet published the final criteria,

      what on earth...

  • 》 The comment section over at Sonoda-san's is in flames (ハニーポッターの部屋, 5/4). Rather than "a serious reply to a joke", it is more like "as if I would get hooked by bait like that [...] 捜査研究 March 2007 issue, is it.

      According to Beware of one-click billing (Tokyo Metropolitan Police Department)

    1. If there do not seem to be any terms of use, ignore it.
    2. If there are terms of use, read them carefully and check them.
    3. Electronic consumer [...] case, the application [...] invalid [...] If you used the service after "agreeing" to 2 and 3 above, a payment obligation may arise. Note that, as in the mobile phone screen image above, clicking the "No" or "NO" button may still lead to a "registration complete" screen, but on such a screen, confirmation [...]

    so it says. Reading this the other way round, I wonder whether there really are people who say [...]

■ Security release schedule for May 2007
(日本のセキュリティチームの Blog, 2007.05.04)

  • Windows: 2. Maximum severity: "Critical"
  • Office: 3. Maximum severity: "Critical"
  • Exchange: 1. Maximum severity: "Critical"
  • CAPICOM and BizTalk: 1. Maximum severity: "Critical"
  • High-priority non-security updates:
    • WU / SUS: 1
    • MU / WSUS: 6

Will "Microsoft Security Advisory (933052): Vulnerability in Microsoft Word …" finally get fixed this time?

2007.05.09 update:

It is out: May security releases (日本のセキュリティチームの Blog, 2007.05.09). I think this may be the first time that all 7 items are "Critical". "Microsoft Security Advisory (933052): Vulnerability in Microsoft Word …" and "Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server …" are fixed as well.

2007.05.10 update:

Summary pages:

■ New PHP releases
(SANS ISC, 2007.05.04)

PHP 4.4.7 / 5.2.2 have reportedly been released. MOPB-03, 08, 14, 20, 21, 22, 24, 26, 29, 33, 34, and CVE-2007-1001 are reportedly fixed.

2007.05.10 update:

  • CVE-2007-2511: Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.
  • CVE-2007-2510: Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.
  • CVE-2007-2509: CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
  • CVE-2007-1864: Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

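■ 2007.05.03

  • 》 Nagasaki mayor … (Yomiuri, 5/2)

  • 》 Estonia: tensions with Russia rise, triggered by the removal of a former Soviet monument (Mainichi, 5/2)

    For the ethnic Russian residents who make up about 30% of Estonia's population, the monument is a symbol of the Second …. For most Estonians, however, it is a symbol of the occupation by the former Soviet Union, and every year on Victory Day, May 9, skirmishes between the two sides have broken out around the monument. Estonia gives this as the reason for the relocation.

    If the one that did the liberating was the Soviet Union, then liberation …

    The Russian side objected, calling it a "rewriting of history", and on the 27th the upper house demanded that the government sever diplomatic relations with Estonia. … of "Nashi", a guard corps that supports President Putin, and others …

    The very people talking about a "rewriting of history" seem to have completely forgotten what the Soviet Union actually did.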


■ 2007.05.02

■ Release Notes on VMware Workstation 5.5.4, Build 44386
(VMware.com, 2007.04.27)

VMware Workstation 5.5.4, Build 44386 has been released. Multiple flaws are fixed.

  • When shared folders are in use, the guest OS can write arbitrary content to arbitrary locations on the host OS. The attribute settings of the shared folder appear to be irrelevant. CVE-2007-1744

  • When a 64-bit guest is used on a 64-bit host, debugging a local program can corrupt the virtual machine (arbitrary code …) CVE-2007-1876

  • The handling of multiple general protection faults (GPFs) in the memory management of Windows guest OSes is flawed, and a Windows virtual machine can be crashed. CVE-2007-1069

  • Under certain circumstances, the virtual machine process (VMX) can be made to save a corrupted configuration. This amounts to a DoS attack. CVE-2007-1877

  • In ACPI power management, the virtual machine process (VMX) collects information about the operating state when resuming from sleep (S2) to normal operation (S0). Under certain circumstances, the VMX can be manipulated into collecting incorrect information. This amounts to a DoS attack. CVE-2007-1337

Other products:

■ Updates

About Security Update 2007-004

Security Update 2007-004 v1.1 is out.

It reportedly fixes a regression that had been introduced in the AirPort-related code and a new flaw, CVE-2007-0745, that had been introduced in the ftp server-related code.

"Mac hacking contest" with a 10,000-dollar first prize: the Mac environment's dangerous vulnerability … once again …

QuickTime 7.1.6 is out. This flaw is fixed.

Note that the following recently disclosed flaws do not appear to be fixed yet:


■ 2007.05.01

■ Miscellaneous (2007.05.01)
(various)

Clearing out the backlog.

2007.05.09 update:

Winamp 5.34a Security Patch, which addresses Winamp <= 5.34 .MP4 File Code Execution (milw0rm), has been published. Thanks to フロート-san for the information.

■ Updates

Photoshop CS3/CS2: vulnerability … with no patch provided

PNG files appear to be dangerous as well.

[Clamav-announce] announcing ClamAV 0.90.2

The PDF DoS issue that is fixed in 0.90.2: CVE-2007-2029.

■ Korean Internet Shoppers Get More Than They Bargained For
(Symantec blog, 2007.04.30)

The story is that Settec's Alpha-DVD copy… contains a rootkit (SecurityRisk.Settec).

■ Bind Version 9.4.1 is out
(SANS ISC, 2007.04.30)

bind 9.4.1 is reportedly out. The RELEASE NOTES say the following:

	BIND 9.4.1 is a security release of BIND 9, containing a
	fix for a vulnerability in BIND 9.4.0:

2172.   [bug]           query_addsoa() was being called with a non zone db.
                        [RT #16834]

	If you are running BIND 9.4.0 (either pre-release or final),
	you are advised to upgrade as soon as possible to BIND 9.4.1.

The diff is only this much.

Related: [SA25070] ISC BIND "query_addsoa" Denial of Service

