$B%;%-%e%j%F%#%[!<%k(B memo - 2007.12

Last modified: Thu Feb 21 16:38:36 2008 +0900 (JST)

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B"#(B 2007.12.31

$B"#(B 2007.12.30

$B"#(B $B$$$m$$$m(B (2007.12.30)
(various)

$B"#(B 2007.12.29

$B"#(B 2007.12.28

$B"#(B 2007.12.27

$B"#(B $B$$$m$$$m(B (2007.12.27)
(various)

$B"#(B Microsoft$B!"(BWindows Home Server$B>e$N%U%!%$%k$,GKB;$9$kLdBj$r7Y9p!!(B Microsoft$B@=IJ0J30$N%"%W%j%1!<%7%g%s$G$bIT6q9g$,H/@8(B
(computerworld, 2007.12.27)

$B!!(BKB946676 $B$h$j!"(BHome Server $B>e$G$NIT6q9g$NH/@8$,3NG'$5$l$F$$$k(B Microsoft $B@=IJ(B:

  • Windows Vista Photo Gallery
  • Windows Live Photo Gallery
  • Microsoft Office OneNote 2003 / 2007
  • Microsoft Office Outlook 2007
  • Microsoft Money 2007
  • SyncToy 2.0 Beta

$B!!(BHome Server $B>e$G$NIT6q9g$NH/@8$,Js9p$5$l$F$$$k(B 3rd party $B@=IJ(B:

  • BitTorrent $B$r;H$C$?DL?.$r9T$&%"%W%j%1!<%7%g%s(B
  • QuickBooks
  • Quicken

$B!!(B3rd party $B$O$H$b$+$/<+

$B"#(B $BDI5-(B

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (945713) Web $B%W%m%-%7<+F0H/8+(B (WPAD) $B$N@HpJsO3$($$$,5/$3$k(B

$B!!4XO"(B: Web$B%W%m%-%7<+F0H/8+!J(BWPAD$B!K$N@H$NDI2C;XDj$K$D$$$F(B (JPRS, 2007.12.21)

JPRS$B$G$O!"$3$N@H]J8;zNs$rEvLL$N4VM=Ls%I%a%$%sL>$H$7$F;XDj$7!"$3$NJ8;zNs$rBh(B3$B%l%Y%k$^$?$OBh(B4$B%l%Y%k!JB0@-7?!&CO0h7?(BJP$B%I%a%$%sL>$N(B<$BAH?%%i%Y%k(B>$B!K$K;HMQ$7$?%I%a%$%sL>$NEPO?$,$G$-$J$$$h$&$K$7$^$7$?!#$3$NM=Ls%I%a%$%sL>$N;XDj$K4X$9$k!VB0@-7?!JAH?%EPO?Ey$K4X$9$k5;=Q:YB'!W$N2~D{$K$D$$$F$O!":#8e$N:.MpKI;_$NBP:v>u67Ey$r9MN8$N>e!"I,MW$K1~$8$F$*CN$i$;$$$?$7$^$9!#(B
($BCfN,(B) 
 $B!{BP>]J8;zNs(B

    $BB0@-7?!&CO0h7?(BJP$B%I%a%$%sL>(B

        * <$BAH?%%i%Y%k(B>$B$K(B"WPAD"$B$r;HMQ$7$?%I%a%$%sL>(B
          $BNc!'(BWPAD.CO.JP$B!"(BWPAD.CHIYODA.TOKYO.JP $B$J$I(B 

    $BHFMQ(BJP$B%I%a%$%sL>(B

        * $BM=LsJ8;zNs$NDI2C$O$"$j$^$;$s!#(B

$B"#(B 2007.12.26

$B"#(B $B%j%P!<%9%(%s%8%K%"%j%s%0$H%;%-%e%j%F%#@H
($B%U%)%F%#!<%s%U%)%F%#5;=Q8&5f=j(B, 2007.12.17)

$B!!!V5;=Q$NBN7O2=$H650i!"%H%l!<%K%s%0$,=EMW!W$G$9$+!#(B $B$^$:$O6541$r0lDj?tM\@.$9$k$H$3$m$+$i$O$8$a$J$$$H$$$1$J$$$s$@$h$J!#(B

$B!!$H$3$m$G(B Upcoming Advisories $B$J$N$G$9$,!"(B7 $B7n(B 8 $B7n$N$b$N$,$$$^$@$K$1$C$3$&;D$C$F$^$9$M!D!D!#$"$H!"(B[FFRUA-20071216] $BJ8=q:n@.%=%U%H%&%(%"$N@H $B$H$$$&$N$,A}$($F$$$^$9!#(B

$B"#(B $B$$$m$$$m(B (2007.12.26)
(various)

$B"#(B 2007.12.25

$B"#(B $B$$$m$$$m(B (2007.12.25)
(various)

$B"#(B $BDI5-(B

Apple $BJ}LL(B (2007.12.18)

$B!!(BSecurity Update 2007-009 / Safari 3 Beta 3.0.4 Security Update $B$rE,MQ$9$k$H(B Safari $B$,0[>o=*N;$9$kLdBj$,H/8+$5$l!"=P$7D>$7HG$N=$@5%W%m%0%i%`(B v1.1 $B$,8x3+$5$l$F$$$^$9!#(B

Web Page Code Injection via ARP Spoofing

$B!!(BARP spoofing HTTP infection malware (Websense blog, 2007.12.21)

JustSystem Ichitaro JSGCI.DLL Unspecified Stack Buffer Overflow Vulnerability

$B!!(B$B%8%c%9%H%7%9%F%`@=IJ$N@H ($B%8%c%9%H%7%9%F%`(B) $B$,(B 12/18 $BIU$G2~D{$5$l$^$7$?!#(B $B1F6A$r

$B!!$^$?!"%i%Y%k%^%$%F%#$K4X$7$F!V!\(B[$B%W%i%9(B]$B!&(BLE$B!&(BJE$B!&%;%l%/%H!&%4!<%k%I%Q%C%/!&%V%k!<%Q%C%/!&%9%?!<%?!<%-%C%H!&>.3X@8HG!"%S%8%M%9JT!&%W%l%_%"%`!&$o$,$^$^%7%j!<%:!&%i%Y%k%3%l%/%7%g%s!&%9%F%C%+!<:2!&(BDIGA$B$r4^$`!W$H$$$&Cp

$B!!$5$i$K!"0lB@O:(B for Linux $B$N=$@5%W%m%0%i%`!"(B$B2V;R%S%e!<%"(B$B?7HG!"$O$C$T$g$&L>?M%S%e!<%"?7HG$,8x3+$5$l$F$$$^$9!#MxMQ

RealNetworks, Inc.$B!"%;%-%e%j%F%#@H

$B!!$3$N7g4Y$r96N,$9$k(B Web $B%Z!<%8$,EP>l$7$F$$$k$h$&$G$9!#(B

$B!!$J$*!"$5$-$[$I(B RealPlayer 11 $B$K%"%C%W%0%l!<%I$7$F$_$?$i!"%S%k%IHV9f$O(B 6.0.14.748 $B$G$7$?!#(B

$B"#(B 2007.12.24

$B"#(B Your security: 1 in 5 applications are not patched!
(Secunia blog, 2007.12.21)

$B!!(BSecunia Personal Software Inspector $B$N@kEA$G$O$"$k$N$@$,!"

$B"#(B $B$$$m$$$m(B (2007.12.24)
(various)

$B"#(B 2007.12.22

$B"#(B $BDI5-(B

$B%^%$%/%m%=%U%H(B 2007 $BG/(B 12 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS07-065 - $B=EMW!!(B $B%a%C%;!<%8(B $B%-%e!<$N@H $B$N(B exploit $B$,=P$F$$$^$9!#(B

$B$$$m$$$m(B (2007.08.31)

$B!!(BSendmail with clamav-milter < 0.91.2 Remote Root Exploit (milw0rm)$B!#B?J,(B CVE-2007-4560 $B$N(B exploit $B!#$3$s$J$K4JC1$J$s$G$9$M!#(B

$B"#(B 2007.12.21

$B"#(B InterScan Gateway Security Appliance 1.5 Critical Patch Build 1196 $B8x3+$N$*CN$i$;(B
($B%H%l%s%I%^%$%/%m(B, 2007.12.21)

$B!!8=:_$N(B IGSA $B$O%Q%?!<%s%U%!%$%k$r%3%s%Q%/%H%U%i%C%7%e%+!<%I$KJ]B8$7$F$$$k$,!"6a$$>-Mh$"$U$l$k2DG=@-$,$"$k$?$a!"0lIt$r(B HDD $B$KJ]B8$9$k$h$&$KJQ99$9$k(B patch$B!"$@$=$&$@!#(B

$B2a5n$N%^%k%&%'%"J?6QE*$JH/@87o?t$r$b$H$K$7$?A[Dj$G$O!"(B2008$BG/(B2$B7n$3$m$KE~C#$9$k$H;W$o$l!"$^$?!"%^%k%&%'%"H/@8$,BgI}$KA}2C$9$k>u67$rA[Dj$9$k$H!"(B2008$BG/(B1$B7nKvF|$4$m$H$J$k2DG=@-$b$"$j$^$9!#(B
$B$*5R$5$^$N%;%-%e%j%F%#%j%9%/2sHr$r:GM%@h$$$?$@$-!"$9$Y$F$N$*5R$5$^$K$*$$$F(B2008$BG/(B1$B7nCf$NE,MQ$r$*4j$$$$$?$7$^$9!#(B

$B"#(B $BDI5-(B

12/12$B$N(BWindows update$B$G(BIE6.0$B$,IT0BDj$K$J$k7o$K$D$$$F(B

$B!!>e5-@_DjMQ$H;W$o$l$k!V=$@5%W%m%0%i%`!W$,8x3+$5$l$^$7$?!#(B

$B"#(B 2007.12.20

$B"#(B Google$B$N(BSNS$B!V(BOrkut$B!W$G(BWeb$B%o!<%`$,LT0R!"(B40$BK|?M$,46@w(B
(ITmedia, 2007.12.20)

$B!!(BSNS $B%5%$%H(B Orkut $B$K30It$+$i$N%9%/%j%W%HA^F~$r5v$97g4Y$,$"$j!"(B $B$3$l$r0-MQ$7$?%o!<%`$,BgN.9T$7$?LOMM!#8=:_$ODC@E2=$5$l$F$$$k$h$&$@!#(B

$B!!(BOrkut $B$N%9%/%i%C%W%V%C%/5!G=$O(B Flash $B$d(B JavaScript $B$r(B ($B0lIt%U%#%k%?$7$F(B) $B5v2D$9$k$h$&$J$N$@$,!"(B $B967bOrkut spam worm spotted! (McAfee blog, 2007.12.19) $B$K%o!<%`%9%/%j%W%H$,7G:\$5$l$F$$$k!#(B

$B"#(B [$B6[5^(B]ServerView$B$N(BLinux$B$K$*$1$k@H
($BIY;NDL(B, 2007.12.20)

$B!!IY;NDL$N(B PRIMERGY $B%5!<%P$KE:IU$5$l$F$$$k4IM}%=%U%H(B ServerView $B$N%=%U%H%&%'%"%3%s%]!<%M%s%H(B ServerView AlarmService / WebExtension / S2 $B$K7g4Y!#(B remote $B$+$iG$0U$N%7%'%k%3%^%s%I$r(B Web $B%5!<%P8"8B$G

$B!!(BServerView V3.60L99E $B0J9_(B / ServerView Console for Linux V4.20.27 $B0J9_$G=$@5$5$l$F$$$k!#(B

$B"#(B Changelog for Opera 9.25 for Windows
(opera.com, 2007.12.20)

$B!!(BOpera 9.25 $BEP>l!#(B4 $BCVE-2007-6524 CVE-2007-6523 CVE-2007-6522 CVE-2007-6521 CVE-2007-6520

$B"#(B Google Toolbar$B$G@H
(computerworld, 2007.12.19)

$B!!(BGoogle Toolbar 5 beta for Internet Explorer / 4 for Internet Explorer / 4 for Firefox $B$K7g4Y!#(BGoogle $B%D!<%k%P!<$K%+%9%?%`%\%?%s$rDI2C$9$k:]$K%"%/%;%9$9$k%j%s%/$N(B URL $B$r%*!<%W%s%j%@%$%l%/%?(B ($BNc(B: http://www.google.com/local_url?q=) $B7PM3$K$9$k$3$H$G!"%+%9%?%`%\%?%sDI2C;~$KI=<($5$l$k%@%&%s%m!<%I@h$N%@%$%"%m%0$K$O%*!<%W%s%j%@%$%l%/%?$N%I%a%$%sL>$,I=<($5$l$k!#7k2L$H$7$F!"%@%&%s%m!<%I@h$,?.Mj$G$-$k%5%$%H$G$"$k$H56Au$G$-$F$7$^$&!#(B

$B!!(BGoogle $B$O8=:_=$@5:n6HCf$NLOMM!#2sHr:v$H$7$F$O!"%+%9%?%`%\%?%s$rDI2C$9$k:]$K%"%/%;%9$9$k%j%s%/$rF~G0$K3NG'$9$k$/$i$$$+!#4XO"(B:

$B"#(B 2007.12.19

$B"#(B $BDI5-(B

12/12$B$N(BWindows update$B$G(BIE6.0$B$,IT0BDj$K$J$k7o$K$D$$$F(B

$B!!(BMS07-069 Cumulative Security Update for Internet Explorer - Post Install Issue (MSRC blog, 2007.12.18)$B!#LdBj$NB8:_$OG'<1$5$l$F$$$kLOMM!#%l%]!<%H$,A}$($l$PBP1~$bAa$/$J$k$O$:$J$N$G!"8=>]$,H/@8$7$?>l9g$O$I$s$I$s%l%]!<%H$7$F$"$2$F2<$5$$!#(B $B$"$H!"(BMSRC blog $B$G$O(B KB946627 $B$,>R2p$5$l$F$$$k$N$@$,!"%"%/%;%9$9$k$H!V$*C5$7$N%5%]!<%H5;=Q>pJs$O8=:_MxMQ$G$-$^$;$s!W$H8@$o$l$F$7$^$&$J$"!#(B

$B!!!D!D$"!"=P$?(B: Internet Explorer 6 crashes after you install security update 942615 on a computer that is running Windows XP Service Pack 2 (Microsoft KB946627)$B!#(B $B%l%8%9%H%j$G(B FEATURE_PROTECT_DECOMPRESSION_FILTER_FROM_ABORT_KB942367 $B$r@_Dj$7$F$_$h!"$H$J$C$F$$$k!#(BKB942367 $B!D!D(B On a Windows XP SP2-based computer that has certain cumulative security updates for Internet Explorer installed, Internet Explorer 6 may stop responding when you try to visit a Web site (Microsoft KB942367) $B$G$9$+!#(B $B$3$N%l%8%9%H%j$,<+F0E*$K@_Dj$5$l$k$Y$-$G$"$C$?$K$b$+$+$o$i$:@_Dj$5$l$J$$!"$H$$$&$N$,LdBj$J$N$+$J!#(B

$B!!(BZDNet $B$K4XO"5-;v(B: Microsoft$B$N7nNc%Q%C%A$G(BIE$B$KIT6q9g(B (ZDNet, 2007.12.18)$B!#(BWindows XP SP2 + IE6 $B$NIT6q9g!"(BWindows $B$r:F5/F0$7$?$i2r7h$7$?$H$$$&OC!#(B

$B!!>e5-$NLdBj$O!";d$N%G%U%)%k%H%[!<%`%Z!<%8$r3+$$$?$H$-$K5/$-$?!#;d$N%[!<%`%Z!<%8$O$+$J$j$N%+%9%?%^%$%:$r;\$7$?!V(BMy MSN$B!W$@!#(B
$B!!(BInternet Explorer$B$N0l;~%U%!%$%k%U%)%k%@$r$-$l$$$K$7$F!"%[!<%`%Z!<%8$r6uGr$N%Z!<%8$KJQ$($k$HLdBj$O2r7h$5$l$?!#$7$+$7!"$3$l$OK~B-$G$-$k2r7hJ}K!$G$O$J$+$C$?!#(B
$B!! $B!!(BKB942615$B$N99?7$O%j%V!<%H$r6/@)$9$k$h$&$K%W%m%0%i%`$5$l$k$Y$-$J$N$K!"$=$&$J$C$F$$$J$$$N$G$O$J$$$+!#(B

$B!!(BInternet Explorer 6 crashes after you install security update 942615 on a computer that is running Windows XP Service Pack 2 (Microsoft KB946627) $B$N(B patch $B$O:F5/F0I,?\$H$J$C$F$$$^$9$+$i!":F5/F0$OI,MW$J$N$G$7$g$&!#(B

$B!!4XO"(B: Post Install Issues with MS07-069 (IE6 on XPSP2) (IEblog, 2007.12.18)

Apple $BJ}LL(B

$B!!(BApple Mac OS X mount_smbfs Stack Based Buffer Overflow Vulnerability (iDefense) $B$rDI5-!#(B

$B$$$m$$$m(B (2007.12.18)

$B!!(BTYPO3 4.1.4 $B$K$O=EBg$J(B ($BHs%;%-%e%j%F%#$N(B) $B7g4Y$,(B 1 $B$D$"$C$?$=$&$G!"(BTYPO3 4.1.5 $B$,%j%j!<%9$5$l$F$$$^$9!#?@8M$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B [APSB07-20] Flash Player update available to address security vulnerabilities
(Adobe, 2007.12.18)

$B!!(BFlash Player 9.0.48.0 $B0JA0(B / 8.0.35.0 $B0JA0(B / 7.0.70.0 $B0JA0$KJ#?t$N7g4Y!#(B Flash Player 9.0.115.0 for Windows / Linux / Mac $B$G=$@5!&BP1~$5$l$F$$$k!#(B

$B!!(BSolaris $BHG$N(B Flash Player 9.0.115.0 $B$O8e9oMQ0U$5$l$k!#(B Flash Player 9 $B$K0\9T$G$-$J$$?MMQ$N(B Flash Player 7 $B$@$,!"(BFlash Player 7r73 $B$G=*N;$H$J$k!#(BFlash Player 9 $B$X0\9T$9$k%7%+!#(B ($B$G$b(B FreeBSD $B$G$O0BDj$7$J$$$s$@$h$J$!(B)

$B!!4XO"(B: Security changes in Flash Player 9 (Adobe)

2008.01.06 $BDI5-(B:

$B!!(BXSS Vulnerabilities in Common Shockwave Flash Files (Rich Cannings)$B!#(Basfunction: $B%W%m%H%3%k$NOC$N>\:Y!#(B

2008.01.08 $BDI5-(B:

$B!!(BFreeBSD ports $B$G(B Flash Player 7r73 $B$H(B Flash Player 9.0r115 $B$,MQ0U$5$l$?(B: Adobe Acroread 8$BEP>l!$(BPostgreSQL$B%;%-%e%j%F%#99?7!$(BPostgreSQL$B8~$1A4J88!:w5!G=(Bludia$BDI2C!$(Blibgpod$B$G?7(BiPod Classic/Nano Video$BBP1~!$(BLinux Flash 7/9$B99?7(B (FreeBSD Daily Topics, 2008.01.08)

$B"#(B $B$$$m$$$m(B (2007.12.19)
(various)

$B"#(B 2007.12.18

$B"#(B 12/12$B$N(BWindows update$B$G(BIE6.0$B$,IT0BDj$K$J$k7o$K$D$$$F(B
(anti.dmz-plus.com, 2007.12.13)

$B!!(BWindows XP + IE 6 $B$N4D6-$K(B MS07-069 patch (942615) $B$r%$%s%9%H!<%k$9$k$H!"(B http://jp.msn.com/ $B$J$I$K%"%/%;%9$7$?$H$-$K(B urlmon.dll $B$N%(%i!<$K$h$j(B crash $B$9$k$3$H$,$"$k$H$$$&OC!#Microsoft Update$B<:GT$7$?$i(Bage$B$k%9%l(B 17 $B$K$OJ#?t$N%(%i!e$,$C$F$$$k!#(B benjamin $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!(BHTTP/1.1 $B$r;H$o$J$$$h$&$K@_Dj$9$k$H2~A1$5$l$k$H$$$&Js9p$,$"$k$,!">o$KM-8z$J$o$1$G$O$J$$LOMM!#(B

$B!!$^$?!"(BWindows 2000 SP4 + IE6 + MS07-068 patch (941569) $B$N4D6-$G$bJL$NIT6q9g$,H/@8$9$k$3$H$,$"$kLOMM!#(B

2007.12.19 $BDI5-(B:

$B!!(BMS07-069 Cumulative Security Update for Internet Explorer - Post Install Issue (MSRC blog, 2007.12.18)$B!#LdBj$NB8:_$OG'<1$5$l$F$$$kLOMM!#%l%]!<%H$,A}$($l$PBP1~$bAa$/$J$k$O$:$J$N$G!"8=>]$,H/@8$7$?>l9g$O$I$s$I$s%l%]!<%H$7$F$"$2$F2<$5$$!#(B $B$"$H!"(BMSRC blog $B$G$O(B KB946627 $B$,>R2p$5$l$F$$$k$N$@$,!"%"%/%;%9$9$k$H!V$*C5$7$N%5%]!<%H5;=Q>pJs$O8=:_MxMQ$G$-$^$;$s!W$H8@$o$l$F$7$^$&$J$"!#(B

$B!!!D!D$"!"=P$?(B: Internet Explorer 6 crashes after you install security update 942615 on a computer that is running Windows XP Service Pack 2 (Microsoft KB946627)$B!#(B $B%l%8%9%H%j$G(B FEATURE_PROTECT_DECOMPRESSION_FILTER_FROM_ABORT_KB942367 $B$r@_Dj$7$F$_$h!"$H$J$C$F$$$k!#(BKB942367 $B!D!D(B On a Windows XP SP2-based computer that has certain cumulative security updates for Internet Explorer installed, Internet Explorer 6 may stop responding when you try to visit a Web site (Microsoft KB942367) $B$G$9$+!#(B $B$3$N%l%8%9%H%j$,<+F0E*$K@_Dj$5$l$k$Y$-$G$"$C$?$K$b$+$+$o$i$:@_Dj$5$l$J$$!"$H$$$&$N$,LdBj$J$N$+$J!#(B

$B!!(BZDNet $B$K4XO"5-;v(B: Microsoft$B$N7nNc%Q%C%A$G(BIE$B$KIT6q9g(B (ZDNet, 2007.12.18)$B!#(BWindows XP SP2 + IE6 $B$NIT6q9g!"(BWindows $B$r:F5/F0$7$?$i2r7h$7$?$H$$$&OC!#(B

$B!!>e5-$NLdBj$O!";d$N%G%U%)%k%H%[!<%`%Z!<%8$r3+$$$?$H$-$K5/$-$?!#;d$N%[!<%`%Z!<%8$O$+$J$j$N%+%9%?%^%$%:$r;\$7$?!V(BMy MSN$B!W$@!#(B
$B!!(BInternet Explorer$B$N0l;~%U%!%$%k%U%)%k%@$r$-$l$$$K$7$F!"%[!<%`%Z!<%8$r6uGr$N%Z!<%8$KJQ$($k$HLdBj$O2r7h$5$l$?!#$7$+$7!"$3$l$OK~B-$G$-$k2r7hJ}K!$G$O$J$+$C$?!#(B
$B!! $B!!(BKB942615$B$N99?7$O%j%V!<%H$r6/@)$9$k$h$&$K%W%m%0%i%`$5$l$k$Y$-$J$N$K!"$=$&$J$C$F$$$J$$$N$G$O$J$$$+!#(B

$B!!(BInternet Explorer 6 crashes after you install security update 942615 on a computer that is running Windows XP Service Pack 2 (Microsoft KB946627) $B$N(B patch $B$O:F5/F0I,?\$H$J$C$F$$$^$9$+$i!":F5/F0$OI,MW$J$N$G$7$g$&!#(B

$B!!4XO"(B: Post Install Issues with MS07-069 (IE6 on XPSP2) (IEblog, 2007.12.18)

2007.12.21 $BDI5-(B:

$B!!>e5-@_DjMQ$H;W$o$l$k!V=$@5%W%m%0%i%`!W$,8x3+$5$l$^$7$?!#(B

$B"#(B Apple $BJ}LL(B (2007.12.18)
(Apple)

2007.12.19 $BDI5-(B:

$B!!(BApple Mac OS X mount_smbfs Stack Based Buffer Overflow Vulnerability (iDefense) $B$rDI5-!#(B

2007.12.25 $BDI5-(B:

$B!!(BSecurity Update 2007-009 / Safari 3 Beta 3.0.4 Security Update $B$rE,MQ$9$k$H(B Safari $B$,0[>o=*N;$9$kLdBj$,H/8+$5$l!"=P$7D>$7HG$N=$@5%W%m%0%i%`(B v1.1 $B$,8x3+$5$l$F$$$^$9!#(B

$B"#(B $BDI5-(B

JustSystem Ichitaro JSGCI.DLL Unspecified Stack Buffer Overflow Vulnerability

$B!!(B$B%8%c%9%H%7%9%F%`@=IJ$N@H ($B%8%c%9%H%7%9%F%`(B) $B$,(B 12/17 $BIU$G2~D{$5$l$^$7$?!#(B $B1F6A$r

$B!!(B$B2V;R%S%e!<%"(B$B$N?7HG$O$^$@=P$F$$$J$$$h$&$G$9!#(B

$B!!4XO"(B:

QuickTime$B$K$^$??7$?$J@HZ%3!<%I$b8x3+(B

$B!!(BApple Quick Time $B$G$N(B RTSP Content-Type $B$K$h$k%j%b!<%H(B $B%3!<%I (ISSKK)

$B%^%$%/%m%=%U%H(B 2007 $BG/(B 12 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!DI5-(B:

SquirrelMail package compromise

$B!!2~$6$s$K$h$C$F!"%j%b!<%H$+$i$N%U%!%$%kFI$_9~$_$r>7$/$h$&$J7g4Y$,Kd$a9~$^$l$F$$$?!#(B CVE-2007-6348

$B"#(B $B$$$m$$$m(B (2007.12.18)
(various)

2007.12.19 $BDI5-(B:

$B!!(BTYPO3 4.1.4 $B$K$O=EBg$J(B ($BHs%;%-%e%j%F%#$N(B) $B7g4Y$,(B 1 $B$D$"$C$?$=$&$G!"(BTYPO3 4.1.5 $B$,%j%j!<%9$5$l$F$$$^$9!#?@8M$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2007.12.17

$B"#(B $B$$$m$$$m(B (2007.12.17)
(various)

$B"#(B 2007.12.16

$B"#(B CVE-2007-6015 - Remote Code Execution in Samba's nmbd (send_mailslot())
(samba.org, 2007.12.10)

$B!!(Bsamba 3.0.0$B!A(B3.0.27a $B$K7g4Y!#(B send_mailslot() $B4X?t$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(Blocal network $B$+$iG$0U$N%3!<%I$rl9g$K7g4Y$,H/8=$9$k!#(B CVE-2007-6015

$B!!(Bsamba 3.0.28 $B$G=$@5$5$l$F$$$k!#$^$?(B 3.0.27a $BMQ$N(B patch $B$,MQ0U$5$l$F$$$k!#(B $B?@8M$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!4XO"(B: [Full-disclosure] Secunia Research: Samba "send_mailslot()" Buffer Overflow Vulnerability

2007.12.18 $BDI5-(B:

$B!!(BPoC

2008.02.21 $BDI5-(B:

$B!!(BJVNVU#438395 - Samba send_mailslot() $B$K$*$1$k%P%C%U%!%*!<%P!<%U%m!<$N@H

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2007.11.29)

$B!!(BCORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor $B$N7o!"(BSymantec Mail Security $B$K$b1F6A$9$kLOMM(B: SA27871: Symantec Mail Security Lotus 1-2-3 File Viewer Buffer Overflows

$B"#(B 2007.12.15

$B"#(B $BDI5-(B

$B%^%$%/%m%=%U%H(B 2007 $BG/(B 12 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!4XO"(B: MS06-069 Cumulative Security Update for Internet Explorer - Bulletin Webpage Upload Times (MSRC blog, 2007.12.14)$B!#(B MS07-069 - $B6[5^!!(BInternet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (942615) $B$NFI$_9~$_(B (patch $B$N$G$O$J$/!"(Bbulletin page $B$N(B) $B$K;~4V$,$+$+$k$H$$$&%U%#!<%I%P%C%/$,J#?t$"$C$?LOMM!#$3$l$X$NBP1~$H$7$F!"(B $B1Q8lHG(B$B$G$O(B Security Update Deployment $B$N(B File Information $BItJ,$r(B KB942615 $B$KJ,N%$7$?!#F|K\8lHG$G$bAaHU$=$&$J$k$H;W$o$l!#(B

MS Access$B$N%(%/%9%W%m%$%H=P8=!"IT?3$J(Bmdb$B%U%!%$%k$KCm0U(B

$B!!4XO"(B:

$B"#(B SquirrelMail package compromise
(SANS ISC, 2007.12.14)

$B!!(BSquirrelMail 1.4.11 / 1.4.12 $B$,2~$6$s$5$l$F$$$?LOMM!#(B $B%j%j!<%9%a%$%s%F%J$N0l?M$N%"%+%&%s%H$,GK$i$l$?$N$,860x$i$7$$!#(B

$B!!$3$l$r

2007.12.18 $BDI5-(B:

$B!!2~$6$s$K$h$C$F!"%j%b!<%H$+$i$N%U%!%$%kFI$_9~$_$r>7$/$h$&$J7g4Y$,Kd$a9~$^$l$F$$$?!#(B CVE-2007-6348

$B"#(B 2007.12.14

$B"#(B InterScan VirusWall for Small and Medium Businesses 5.0 Linux$BHG(B Patch 4(Build_1149)$B$N35MW$*$h$SE,MQJ}K!(B
($B%H%l%s%I%^%$%/%m(B, 2007.12.13)

$B!!$U$%$`!D!D(B

InterScan VirusWall$B$,(BQuoted Printable$B%(%s%3!<%I$r
InterScan VirusWall$B$,%*%j%8%J%k%a!<%k$N7oL>$r;HMQ$7$FDLCN%a%C%;!<%8$r9=@.$7!"(BQuoted Printable$B%(%s%3!<%I$r$N:G8e$,(BCR$BJ8;z$G!"DLCN%a%C%;!<%8$N:G8e$K%*%j%8%J%k%a!<%k$N7oL>$r5-=R$9$k$h$&@_Dj$7$F$$$k>l9g$KH/@8$7$^$9!#(B

$BK\(BPatch$B$NE,MQ8e$O!"DLCN%a%C%;!<%8$N:G8e$,(BCR$BJ8;z$N>l9g$G$b(BInterScan VirusWall$B$,(BQuoted Printable$B$K$h$j@5>o$K%a%C%;!<%8$r%(%s%3!<%I$G$-$k$h$&$K$J$j$^$9!#(B

$B!!$=$l$C$F(B remote $B$+$i(B DoS $B967b2DG=$J%;%-%e%j%F%#7g4Y$@$h$M!D!D!#(B

$B"#(B $BDI5-(B

JustSystem Ichitaro JSGCI.DLL Unspecified Stack Buffer Overflow Vulnerability

$B!!9pCN$H(B patch $B=P$^$7$?(B: $B%8%c%9%H%7%9%F%`@=IJ$N@H ($B%8%c%9%H%7%9%F%`(B, 2007.12.14)$B!#1F6AHO0O$,%a%,$G$+$$$G$9!#$$$d!"$3$l$O$R$I$$!#(B

  • $B0lB@O:(B 2007 / 2006 / 2005 / 2004 / 13 / 12 / 11 / 10 / 9 / SE / Home
  • $B0lB@O:(B Lite2, $B0lB@O:(B for Linux, $B0lB@O:%S%e!<%"(B (5.0.6.0 $B0JA0(B)
  • XML $B%F%s%W%l!<%H%/%j%(!<%?!<(B 1 / 2 / 3
  • FormLiner for XML/SGML
  • $B0lB@O:(B 9 SGML $B%(%/%9%F%s%7%g%s(B
  • Netnote
  • $B2V;R(B 2007 / 2006 / 2005 / 2004 / 13 / 12 / 11 / 10 / 9
  • $B2V;R%S%e!<%"(B (2.0.1.0 $B0JA0(B)
  • $B;0;MO:(B 2007 / 2005 / 9 / SE / Home
  • $B%i%Y%k%^%$%F%#(B 1 / 2 / 3 / 4 / 5 / 6 / 7 / 8
  • $B%i%Y%k%^%$%F%#(B POP in Shop 1 / 2 / 3 / 4 / 5
  • $B3Z!9$O$,$-(B 2008 / 2007 / 2006 / 2005 / 2004 / 2003 / 2002 / 2001 / 2000
  • $B%^%$%Z%s%7%k(B
  • $B%[!<%`%Z!<%8%_%C%/%9(B
  • $B%I%/%?!<%^%&%9(B [$B1QOB!?OB1Q!?9q8l<-E5(B]
  • $B%;!<%k%9%^%$%F%#(B
  • $B?^2r%^%9%?!<(B
  • $B%8%c%9%H%9%^%$%k(B 2 / 3 @$B%U%l%s%I(B
  • $B%8%c%9%H%9%^%$%k(B 1 / 2 / 3
  • $B0lB@O:%9%^%$%k(B 1 / 2 / 3
  • $B%8%c%9%H%8%c%s%W(B 2 / 3 @$B%U%l%s%I(B
  • $B%8%c%9%H%8%c%s%W(B 1 / 2 / 3
  • $B0lB@O:%8%c%s%W(B 1 / 2 / 3
  • $B$D$?$o$k$M$C$H(B 1 / 3 @$B%U%l%s%I(B
  • $B$O$C$T$g$&L>?M(B 1 / 2 / 3
  • $B$R$i$a$-%i%$%?!<(B 1 / 2 / 3
  • $B$+$$$1$DI=%0%i%U(B 1 / 2 / 3
  • $BCO?^%9%?%8%*(B
  • $BJ8;z%9%?%8%*(B 1 / 2
  • $B8&=$%G%6%$%J!<(B

$B!!=$@5%W%m%0%i%`$O(B JS$B6&DL(B $B%;%-%e%j%F%#99?7%b%8%e!<%k(B$B$H$$$&L>A0$G$9$M!#(B $B!V%8%c%9%H%7%9%F%`@=IJ6&DL%U%!%$%k!W$G$9$+!#0lB@O:%S%e!<%"$O:G?7HG$r:F%$%s%9%H!<%k$7$^$9!#(B

$B!!0lB@O:(B for Linux $B$H2V;R%S%e!<%"$N$_!"$^$@=$@5%W%m%0%i%`(B / $B=$@5HG$,$"$j$^$;$s!#(B

$B!!4XO"(B:

QuickTime$B$K$^$??7$?$J@HZ%3!<%I$b8x3+(B

$B!!(BQuickTime 7.3.1 $B$,EP>l!"$h$&$d$/=$@5$5$l$?!#(B About the security content of QuickTime 7.3.1 (Apple)

$B"#(B $B9q@/A*5s$K$*$1$kEE;REjI<$N@H
($BIpED7=;K(B, 2007.12.13)

$B!!MxJX@-$7$+8+$F$$$J$$;vL320!"6b$7$+$_$F$$$J$$%a!<%+(B / $B@/<#20!"$O>/$J$/$J$$$N$@$m$&$J$"!#$^$"!"N)K!$H1?MQ$OJL(B layer $B$J$N$G!"$7$C$+$j$7$?@=IJ$@$1$,F3F~!&1?MQ$5$l$k$h$&$K$J$l$P$$$$$s$G$9$,!"@$$NCf$=$s$J$K4E$/$J$$$@$m$&$7$J$"!D!D!#(B NISC $B$N?M$+$i$b8@$C$F$d$C$F2<$5$$$h!#(B (typo fixed: $BIpED$5$s46

$B"#(B About the security content of QuickTime 7.3.1
(Apple, 2007.12.13)

$B!!(BQuickTime 7.3.1 $BEP>l!#(B RTSP $B$N7g4Y(B (CVE-2007-6166) $B$K2C$($F!"JL$N(B 2 $B7o$N7g4Y$,=$@5$5$l$F$$$k!#(B

  • QTL $B%U%!%$%k$N=hM}$K(B buffer overflow $B$9$k7g4Y$,$"$j!"96N,(B QTL $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2007-4706

  • Flash media handler $B$KJ#?t$N7g4Y$,$"$j!"$3$l$rMxMQ$9$k$HG$0U$N%3!<%I$rCVE-2007-4707

$B!!(B13:50 $B$K(B QuickTime 7.3 $B$r%$%s%9%H!<%k$7$?(B Windows XP $B$G(B Apple Software Update $B$r;n$7$F$_$?$,!"!V$*;H$$$N%=%U%H%&%'%"$O:G?7$N$b$N$G$9!#!W$H8@$o$l$F$7$^$C$?!#(B $B$J$s$@$+$J$"!#(B

$B"#(B 2007.12.13

$B"#(B JustSystem Ichitaro JSGCI.DLL Unspecified Stack Buffer Overflow Vulnerability
(securityfocus, 2007.12.13)

$B!!$^$?$7$F$b0lB@O:$G(B 0-day $B$i$7$$$G$9$h1|$5$s(B! $B>/$J$/$H$b0lB@O:(B 2005$B!A(B2007 $B$K1F6A$9$k$h$&$G$9!#(B $B4XO"(B: Trojan.Tarodrop.F (Symantec)$B!"(B Zero-day Vulnerabilities: Following the Trailblazers (Symantec blog, 2007.12.13)

2007.12.14 $BDI5-(B:

$B!!9pCN$H(B patch $B=P$^$7$?(B: $B%8%c%9%H%7%9%F%`@=IJ$N@H ($B%8%c%9%H%7%9%F%`(B, 2007.12.14)$B!#1F6AHO0O$,%a%,$G$+$$$G$9!#$$$d!"$3$l$O$R$I$$!#(B

  • $B0lB@O:(B 2007 / 2006 / 2005 / 2004 / 13 / 12 / 11 / 10 / 9 / SE / Home
  • $B0lB@O:(B Lite2, $B0lB@O:(B for Linux, $B0lB@O:%S%e!<%"(B (5.0.6.0 $B0JA0(B)
  • XML $B%F%s%W%l!<%H%/%j%(!<%?!<(B 1 / 2 / 3
  • FormLiner for XML/SGML
  • $B0lB@O:(B 9 SGML $B%(%/%9%F%s%7%g%s(B
  • Netnote
  • $B2V;R(B 2007 / 2006 / 2005 / 2004 / 13 / 12 / 11 / 10 / 9
  • $B2V;R%S%e!<%"(B (2.0.1.0 $B0JA0(B)
  • $B;0;MO:(B 2007 / 2005 / 9 / SE / Home
  • $B%i%Y%k%^%$%F%#(B 1 / 2 / 3 / 4 / 5 / 6 / 7 / 8
  • $B%i%Y%k%^%$%F%#(B POP in Shop 1 / 2 / 3 / 4 / 5
  • $B3Z!9$O$,$-(B 2008 / 2007 / 2006 / 2005 / 2004 / 2003 / 2002 / 2001 / 2000
  • $B%^%$%Z%s%7%k(B
  • $B%[!<%`%Z!<%8%_%C%/%9(B
  • $B%I%/%?!<%^%&%9(B [$B1QOB!?OB1Q!?9q8l<-E5(B]
  • $B%;!<%k%9%^%$%F%#(B
  • $B?^2r%^%9%?!<(B
  • $B%8%c%9%H%9%^%$%k(B 2 / 3 @$B%U%l%s%I(B
  • $B%8%c%9%H%9%^%$%k(B 1 / 2 / 3
  • $B0lB@O:%9%^%$%k(B 1 / 2 / 3
  • $B%8%c%9%H%8%c%s%W(B 2 / 3 @$B%U%l%s%I(B
  • $B%8%c%9%H%8%c%s%W(B 1 / 2 / 3
  • $B0lB@O:%8%c%s%W(B 1 / 2 / 3
  • $B$D$?$o$k$M$C$H(B 1 / 3 @$B%U%l%s%I(B
  • $B$O$C$T$g$&L>?M(B 1 / 2 / 3
  • $B$R$i$a$-%i%$%?!<(B 1 / 2 / 3
  • $B$+$$$1$DI=%0%i%U(B 1 / 2 / 3
  • $BCO?^%9%?%8%*(B
  • $BJ8;z%9%?%8%*(B 1 / 2
  • $B8&=$%G%6%$%J!<(B

$B!!=$@5%W%m%0%i%`$O(B JS$B6&DL(B $B%;%-%e%j%F%#99?7%b%8%e!<%k(B$B$H$$$&L>A0$G$9$M!#(B $B!V%8%c%9%H%7%9%F%`@=IJ6&DL%U%!%$%k!W$G$9$+!#0lB@O:%S%e!<%"$O:G?7HG$r:F%$%s%9%H!<%k$7$^$9!#(B

$B!!0lB@O:(B for Linux $B$H2V;R%S%e!<%"$N$_!"$^$@=$@5%W%m%0%i%`(B / $B=$@5HG$,$"$j$^$;$s!#(B

$B!!4XO"(B:

2007.12.18 $BDI5-(B:

$B!!(B$B%8%c%9%H%7%9%F%`@=IJ$N@H ($B%8%c%9%H%7%9%F%`(B) $B$,(B 12/17 $BIU$G2~D{$5$l$^$7$?!#(B $B1F6A$r

$B!!(B$B2V;R%S%e!<%"(B$B$N?7HG$O$^$@=P$F$$$J$$$h$&$G$9!#(B

$B!!4XO"(B:

2007.12.24 $BDI5-(B:

2007.12.25 $BDI5-(B:

$B!!(B$B%8%c%9%H%7%9%F%`@=IJ$N@H ($B%8%c%9%H%7%9%F%`(B) $B$,(B 12/18 $BIU$G2~D{$5$l$^$7$?!#(B $B1F6A$r

$B!!$^$?!"%i%Y%k%^%$%F%#$K4X$7$F!V!\(B[$B%W%i%9(B]$B!&(BLE$B!&(BJE$B!&%;%l%/%H!&%4!<%k%I%Q%C%/!&%V%k!<%Q%C%/!&%9%?!<%?!<%-%C%H!&>.3X@8HG!"%S%8%M%9JT!&%W%l%_%"%`!&$o$,$^$^%7%j!<%:!&%i%Y%k%3%l%/%7%g%s!&%9%F%C%+!<:2!&(BDIGA$B$r4^$`!W$H$$$&Cp

$B!!$5$i$K!"0lB@O:(B for Linux $B$N=$@5%W%m%0%i%`!"(B$B2V;R%S%e!<%"(B$B?7HG!"$O$C$T$g$&L>?M%S%e!<%"?7HG$,8x3+$5$l$F$$$^$9!#MxMQ

$B"#(B MySQL $BJ}LL(B
(NIST, 2007.12.10)

  • CVE-2007-5968 REJECT $B$5$l$F$$$k!#(B

  • CVE-2007-5969$B!#(B Bug #32111$B!#(B MySQL 6.0.4 / 5.1.23, MySQL Community Server 5.0.51 $B$G=$@5$5$l$k!#(B

  • CVE-2007-5970$B!#(B Bug #32091$B!#(B DATA DIRECTORY $B$H(B INDEX DIRECTORY $B%*%W%7%g%s$r;H$C$F(B partitioned table $B$r:n@.$9$k$3$H$G!"F1$8L>A0$NG$0U$N(B table $B$NA`:n8"8B$r

    MySQL 6.0.4 / 5.1.23 $B$G=$@5$5$l$k!#(B

  • CVE-2007-6303$B!#(B Bug #29908$B!#(B MySQL 6.0.4 / 5.1.23, MySQL Enterprise 5.0.52 $B$G=$@5$5$l$k!#(B

  • CVE-2007-6304$B!#(B Bug #29801$B!#(B MySQL 6.0.4 / 5.1.23, MySQL Enterprise 5.0.52 $B$G=$@5$5$l$k!#(B

$B!!4XO"(B:

$B"#(B $B$$$m$$$m(B (2007.12.13)
(various)

$B"#(B JVN#80057925$B!!(B Apache HTTP Server $B$N(B mod_imap $B$*$h$S(B mod_imagemap $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H
(JVN, 2007.12.13)

$B!!(BApache 1.3.0 - 1.3.39 / 2.0.35 - 2.0.61 / 2.2.0 - 2.2.6 $B$K7g4Y!#(B Apache 1.3 / 2.0 $B$N(B mod_imap $B$*$h$S(B Apache 2.2 $B$N(B mod_imagemap $B$K7g4Y$,$"$j!"(BXSS $B7g4Y$,H/8=$9$k!#(B CVE-2007-5000

$B!!(BApache 1.3.40 / 2.0.62 / 2.2.7 $B$G=$@5$5$l$k!#4{$K3F%P!<%8%g%s$N3+H/HG$G$O=$@5$5$l$F$$$k!#(B

2008.01.16 $BDI5-(B:

$B!!(BApache 1.3.40 / 2.0.62 / 2.2.7 $B$O%j%j!<%9$5$l$:!"(B Apache 1.3.41 / 2.0.63 / 2.2.8 $B$G=$@5$5$l$kLOMM!#(B

$B"#(B MS Access$B$N%(%/%9%W%m%$%H=P8=!"IT?3$J(Bmdb$B%U%!%$%k$KCm0U(B
(ITmedia, 2007.12.11)

$B!!(BActive Exploitation Using Malicious Microsoft Access Databases (US-CERT, 2007.12.10) $B$NOC!#(B MS Access Exploit in the Wild (McAfee blog, 2007.12.12) $B$K$h$k$H!"(B CVE-2007-6026 (Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability, PoC) $B$G$O$J$$$+$H1=$5$l$F$$$kLOMM!#(B $B$7$+$7(B McAfee Avert Labs $B$G$b>\:Y$ODO$a$F$$$J$$$h$&$@!#(B CVE-2007-6357

2007.12.15 $BDI5-(B:

$B!!4XO"(B:

$B"#(B $BDI5-(B

$B%^%$%/%m%=%U%H(B 2007 $BG/(B 12 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!0J2<$rDI5-(B:

$B"#(B 2007.12.12

$B"#(B $B$$$m$$$m(B (2007.12.12)
(various)

$B"#(B $BDI5-(B

$B%^%$%/%m%=%U%H(B 2007 $BG/(B 12 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!:#7n$O(B 7 $B7o$G$9!#(B

$B!!4XO"(B:

$B"#(B 2007.12.11

$B"#(B $BDI5-(B

ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability

$B!!9pCN$,CY$+$C$?8@$$$o$1(B: Vulnerability in Skype for Windows versions older than 3.6.x.216 (Skype, 2007.12.10)$B!"(B Skype for Win 3.6.x.216$B0JA0$K@H (Skype, 2007.12.11)

$B"#(B 2007.12.10

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2007.12.09)

$B!!(B[Full-disclosure] Heimdal ftpd uninitialized vulnerability $B$G$9$,!"(BCVE-2007-5769 $B$8$c$J$/$F(B CVE-2007-5939 $B$G$7$?$9$$$^$;$s!#(B

$B"#(B $B$$$m$$$m(B (2007.12.10)
(various)

$B"#(B 2007.12.09

$B"#(B $B$$$m$$$m(B (2007.12.09)
(various)

2007.12.10 $BDI5-(B:

$B!!(B[Full-disclosure] Heimdal ftpd uninitialized vulnerability $B$G$9$,!"(BCVE-2007-5769 $B$8$c$J$/$F(B CVE-2007-5939 $B$G$7$?$9$$$^$;$s!#(B

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2007.10.17)

$B!!(BBrightStor ARCserve Backup Security Notice (CA) $B$@$,!"(B $B>/$J$/$H$b(B CVE-2007-5327 $B$,$C$F$$$J$+$C$?LOMM$G!"?7$7$$(B patch $B$,8x3+$5$l$F$$$k!#(B $B4XO"(B: [UPDATE] CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability (cocoruder)

$B"#(B 2007.12.08

$B"#(B $B$$$m$$$m(B (2007.12.08)
(various)

$B"#(B $BDI5-(B

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#>pJs$N;vA0DLCN(B - 2007 $BG/(B 8 $B7n(B

$B!!(BMS07-042 - $B6[5^(B: XML $B%3%"(B $B%5!<%S%9$N@H $B$N(B patch $B$H(B TRACE $B%a%=%C%I$N7o$@$,!"(B@IT $B$N%9%/%j%W%H$O(B

  • Windows XP SP2 / Server 2003 SP1 $B0J9_$G$O!":G=i$+$i;H$($J$$!#(B
  • Windows 2000 $B$G$O!"(BMS07-042 patch $B$rE,MQ$9$k$H;H$($J$/$J$k(B

$B$H$$$&>u67$@$=$&$G$9!#;38}$5$sDI2C$N>pJs$"$j$,$H$&$4$6$$$^$9!#(B

OpenOffice.org: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)

$B!!4XO"(B: Sun Alert 103141 Manipulated Database Documents for StarOffice/StarSuite 8 May Lead to Arbitrary Code Execution (Sun Security Blog)

$B"#(B 2007.12.07

$B"#(B $B$$$m$$$m(B (2007.12.07)
(various)

$B"#(B $B%^%$%/%m%=%U%H(B 2007 $BG/(B 12 $B7n$N%;%-%e%j%F%#>pJs(B
(Microsoft, 2007.12.07)

$B!!:#7n$O(B 7 $B7o$G$9!#(B

$B!!4XO"(B:

2007.12.12 $BDI5-(B:

$B!!8x3+$5$l$?$N$GA4LLE*$K=q$-D>$7$?!#(B

2007.12.13 $BDI5-(B:

$B!!0J2<$rDI5-(B:

2007.12.15 $BDI5-(B:

$B!!4XO"(B: MS06-069 Cumulative Security Update for Internet Explorer - Bulletin Webpage Upload Times (MSRC blog, 2007.12.14)$B!#(B MS07-069 - $B6[5^!!(BInternet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (942615) $B$NFI$_9~$_(B (patch $B$N$G$O$J$/!"(Bbulletin page $B$N(B) $B$K;~4V$,$+$+$k$H$$$&%U%#!<%I%P%C%/$,J#?t$"$C$?LOMM!#$3$l$X$NBP1~$H$7$F!"(B $B1Q8lHG(B$B$G$O(B Security Update Deployment $B$N(B File Information $BItJ,$r(B KB942615 $B$KJ,N%$7$?!#F|K\8lHG$G$bAaHU$=$&$J$k$H;W$o$l!#(B

2007.12.22 $BDI5-(B:

$B!!(BMS07-065 - $B=EMW!!(B $B%a%C%;!<%8(B $B%-%e!<$N@H $B$N(B exploit $B$,=P$F$$$^$9!#(B

2008.01.17 $BDI5-(B:

$B!!(BMS07-065 - $B=EMW!!(B $B%a%C%;!<%8(B $B%-%e!<$N@H $B$@$,!"

$B"#(B ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability
(ZDI, 2007.12.07)

$B!!(BSkype for Windows < 3.6.0.216 $B$K7g4Y!#(B skype4com URI $B%O%s%I%i$K7g4Y$,$"$j!"C;$$J8;zNs$r=hM}$5$;$k$H%a%b%jGK2u$,H/@8!"G$0U$N%3!<%I$rCVE-2007-5989

$B!!(BSkype for Windows 3.6.0.216 (Skype 3.6 $B@5<0HG(B) $B0J9_$G=$@5$5$l$F$$$k!#(B Skype for Windows ver. 3.6.0.216 $BJQ99%m%0(B (Skype $BF|K\8l%V%m%0(B) $B$N:G8e$NJ}$K$"$k!V%P%0=$@5(B API: Skype4com$B$,2;@<=PF~NO$r@5$7$/$j%;%C%H$7$J$+$C$?!W$,$=$l$+(B?

2007.12.11 $BDI5-(B:

$B!!9pCN$,CY$+$C$?8@$$$o$1(B: Vulnerability in Skype for Windows versions older than 3.6.x.216 (Skype, 2007.12.10)$B!"(B Skype for Win 3.6.x.216$B0JA0$K@H (Skype, 2007.12.11)

$B"#(B ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows
(ZDI, 2007.12.07)

$B!!(BHP OpenView Network Node Manager 7.51 $B0JA0$K7g4Y!#(B CGI $B%W%m%0%i%`$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(Bremote $B$+$i(B local SYSTEM $B8"8B$rC%CVE-2007-6204

$B!!(Bpatch $B$,MQ0U$5$l$F$$$k$N$GE,MQ$9$l$P$h$$!#;2>H(B: [security bulletin] HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code

$B"#(B Run Installer, Run!
(Symantec blog, 2007.12.06)

$B!!(BIE $B$K$O!"(B <meta name="DownloadOptions" content="nosave"> $B$H=q$$$F$*$/$H!"%@%&%s%m!<%I%@%$%"%m%0$K$*$$$F(B [Save] $B$,I=<($5$l$J$$(B ([Run] $B$H(B [Cancel] $B$7$+B8:_$7$J$$(B) $B$H$$$&$9$P$i$7$$5!G=$,$"$k!"$H$$$&OC!#(B $B4XO"(B: CONTENT Attribute | content Property (msdn: Internet Explorer Developer Center)

$B!!(BFirefox, Opera, Safari $B$K$O$3$NLdBj$O$J$$$=$&$@!#(B

$B"#(B 2007.12.06

$B"#(B $B$$$m$$$m(B (2007.12.06)
(various)

$B"#(B 12$B7n(B1$BF|!A(B12$B7n(B3$BF|$K1\Mw$N3'MM$X!!%(%3%W%m%@%/%D!&%5%$%H$N%&%$%k%946@w$K$D$$$FCm0U$H$*4j$$(B
($B%(%3%W%m%@%/%D(B2007, 2007.12.04)

$B!!Nc$K$h$C$FNc$N$4$H$/$NLOMM!#(BBenjamin $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$BBP>]$N%&%$%k%9L>>N(B
36110103225.exe
JS_PSYME.ANT
EXPL_ANICMOO.GEN

$B!!FbMF(B:

$B!!!V(B36110103225.exe$B!W$G$0$0$C$F$_$k$H!"(B$BJ@ ($BL@<#:B(B, 2007.08.27) $B$J$s$F$N$b$R$C$+$+$j$^$9$M!#(B

$B"#(B OpenOffice.org: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)
(openoffice.org, 2007.12.03)

$B!!(BOpenOffice.org 2.x $B$KF1:-$5$l$F$$$k%G%U%)%k%H$N%G!<%?%Y!<%9%(%s%8%s(B HSQLDB $B$K7g4Y$,$"$j!"96N,%G!<%?%Y!<%9%I%-%e%a%s%H$r;H$C$FG$0U$N(B static Java $B%3!<%I$rCVE-2007-4575

$B!!(BOpenOffice.org 2.3.1 $B$KF1:-$5$l$F$$$k(B HSQLDB 1.8.0.9 $B$G=$@5$5$l$F$$$k!#(B

2007.12.08 $BDI5-(B:

$B!!4XO"(B: Sun Alert 103141 Manipulated Database Documents for StarOffice/StarSuite 8 May Lead to Arbitrary Code Execution (Sun Security Blog)

$B"#(B rsync: Daemon security fix in 3.0.0pre6 (with a patch for 2.6.9) + one more advisory
(rsync, 2007.11.28)

$B!!(Brsync $B$N(B 2 $B$D$N7g4Y$H$=$NBP=hK!$,@bL@$5$l$F$$$k!#$$$:$l$b(B rsyncd $B$N7g4Y!#(B

  • $B=q$-$3$_2DG=$J(B rsyncd $B$r(B use chroot = no $B$D$-$Gl9g$K!"%b%8%e!<%k3,AX30It$r;X$9$h$&$J%7%s%\%j%C%/%j%s%/$r:n@.$G$-$F$7$^$&!#(B CVE-2007-6199

    3.0.0-pre6 $B$G$O?7$7$$%*%W%7%g%s(B munge symlinks $B$,MQ0U$5$l!"(B $B$3$N$h$&$J>u67$KBP1~$G$-$k!#(B rsync 2.6.9 $B$K(B munge symlinks $B$rDI2C$9$k(B patch $B$bMQ0U$5$l$F$$$k!#(B rsyncd.conf $B$N%^%K%e%"%k%Z!<%8(B$B$b;2>H!#(B

  • $B=q$-$3$_2DG=$J(B rsyncd $B$G(B exclude / exclude from / filter $B%*%W%7%g%s$rMxMQ$7$F$$$k>l9g$K!"%7%s%\%j%C%/%j%s%/$dFCDj$N%*%W%7%g%s$r;H$C$F$3$l$i$N%U%#%k%?%j%s%0$r2sHr$G$-$k!#(B CVE-2007-6200

    $B$3$N>u67$r2sHr$9$k$K$O!"%7%s%\%j%C%/%j%s%/$K$D$$$F$O>e5-$HF1MM$K(B munge symlinks $B$r;H$$!"(B $BB>$K$D$$$F$O(B refuse options $B$G%*%W%7%g%s$N;HMQ$r@)8B$9$k!#(B

$B"#(B $BDI5-(B

QuickTime$B$K$^$??7$?$J@HZ%3!<%I$b8x3+(B

$B!!4XO"(B:

$B"#(B Squid Proxy Cache Security Update Advisory SQUID-2007:2 - Denial of service in cache updates
(Squid-cache.org, 2007.11.28)

$B!!(Bsquid 2.x / 3 $B$K7g4Y!#(B cache $B$N99?7=hM}$K7g4Y$,$"$j!"(Bremote $B$+$i(B DoS $B967b$rCVE-2007-6239

$B!!(Bpatch $B$,MQ0U$5$l$F$$$k(B: squid-2.6 $BMQ(B$B!"(Bsquid 3 $BMQ(B$B!#$^$?(B squid 2.6.STABLE17 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B 2007.12.05

$B"#(B 2007.12.04

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2007.10.30)

$B!!(BSonicStage $B$N7o!"=$@5%W%m%0%i%`$,8x3+$5$l$^$7$?(B: SonicStage CP$B!J(BSonicStage Ver.4.0/4.1/4.2/4.3$B!K(B $B%;%-%e%j%F%#@H (SONY)$B!#(B $BF?L>4uK>$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!4XO"(B: JVN#66291445 - SonicStage CP $B$K$*$1$k%P%C%U%!%*!<%P!<%U%m!<$N@H

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#>pJs$N;vA0DLCN(B - 2007 $BG/(B 8 $B7n(B

$B!!(BMS07-042 - $B6[5^(B: XML $B%3%"(B $B%5!<%S%9$N@H $B$N(B patch $B$rE,MQ$9$k$H!"(B Web$B%"%W%j%1!<%7%g%s$K@x$`%;%-%e%j%F%#%[!<%k!!(B $BBh(B4$B2s(B $B%(%i!<%a%C%;!<%8$N4m81@-(B (@IT) $B$N:G8e$K$"$k!"(BTRACE $B%a%=%C%I$r(B ($BL5M}LpM}(B?) $B;H$&%9%/%j%W%H$,pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B Second Life$B$G%j%s%G%s%I%k$,EpFq$N62$l(B--$B%O%C%+!<$,;XE&(B
($BF|7P(B IT Pro, 2007.12.04)

Takahashi$B;a$O!$!V$3$N%(%/%9%W%m%$%H$,2DG=$J$N$O!$(BSecond Life$B$G$O%f!<%6!<$,<+J,$N%-%c%i%/%?!<$d2>A[@$3&$G$N=jM-J*$K1GA|$d2hA|$rAH$_9~$a$k$+$i$@!W$H$7!$$5$i$K$K!J(BSecond Life$BFb$G!K%f!<%6!<$,$"$kJ*BN$K6a$E$-!$$=$NJ*BN$,8+$($k0LCV$^$GMh$k$H!$(BSecond Life$B%=%U%H%&%'%"$,(BQuickTime$B$r5/F0$7!$$=$NJ*BN$N1GA|$d2hA|$r:F@8$9$k!#$=$l$i$,:F@8$5$l$F$$$k4V!$(BQuickTime$B$O(BSecond Life$B%=%U%H%&%'%"$r%&%'%V%5%$%H$KM6F3$9$k!#%O%C%+!<$?$A$O$3$N;EAH$_$rMxMQ$7!$(BQuickTime$B$N@H$N%f!<%6!<$,(B Second Life$BFb$G;HMQ$9$k%"%P%?!<$r>h$C

$B!!$R$'!A!#(B

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (945713) Web $B%W%m%-%7<+F0H/8+(B (WPAD) $B$N@HpJsO3$($$$,5/$3$k(B
(Microsoft, 2007.12.04)

$B!!$3$NOC$i$7$$(B: VeriSign: Flaw Is Bigger Threat to Grandma - International concerns surround Web Proxy Autodiscovery Protocol (WPAD) functionality in Web browsers (darkreading.com)$B!#(B.nz $B$K$O(B wpad.co.nz $B$d(B wpad.net.nz $B$d(B wpad.org.nz $B$,B8:_$9$k$1$I!"$3$l$C$F%^%:$/$J$$(B? $B$H$$$&OC$+$J!#(B Microsoft $B$N%j%>%k%P

$B!!2sHr:v(B:

  • $B<+AH?%Fb$G(B WPAD $B$r9=@.$7!"$3$l$r;HMQ$9$k$h$&@_Dj$9$k(B
  • IE $B$N%*%W%7%g%s@_Dj$K$*$$$F!"(B[$B@\B3(B] $B"*(B [LAN $B$N@_Dj(B] $B"*(B [$B<+F09=@.(B] $B$N!V@_Dj$r<+F0E*$K8!=P$9$k!W$rL58z$K$9$k(B
  • UseDomainNameDevolution $B$r(B 0 $B$K@_Dj$9$k(B ($B%G%U%)%k%H(B: 1)
  • $B%I%a%$%s8!:w%5%U%#%C%/%9%j%9%H$r@_Dj$9$k!#(B $B4XO"(B: DNS$B$N8!:w%5%U%#%C%/%9!&%j%9%H$rDj5A$9$k(B (@IT)

$B!!4XO"(B:

2007.12.27 $BDI5-(B:

$B!!4XO"(B: Web$B%W%m%-%7<+F0H/8+!J(BWPAD$B!K$N@H$NDI2C;XDj$K$D$$$F(B (JPRS, 2007.12.21)

JPRS$B$G$O!"$3$N@H]J8;zNs$rEvLL$N4VM=Ls%I%a%$%sL>$H$7$F;XDj$7!"$3$NJ8;zNs$rBh(B3$B%l%Y%k$^$?$OBh(B4$B%l%Y%k!JB0@-7?!&CO0h7?(BJP$B%I%a%$%sL>$N(B<$BAH?%%i%Y%k(B>$B!K$K;HMQ$7$?%I%a%$%sL>$NEPO?$,$G$-$J$$$h$&$K$7$^$7$?!#$3$NM=Ls%I%a%$%sL>$N;XDj$K4X$9$k!VB0@-7?!JAH?%EPO?Ey$K4X$9$k5;=Q:YB'!W$N2~D{$K$D$$$F$O!":#8e$N:.MpKI;_$NBP:v>u67Ey$r9MN8$N>e!"I,MW$K1~$8$F$*CN$i$;$$$?$7$^$9!#(B
($BCfN,(B) 
 $B!{BP>]J8;zNs(B

    $BB0@-7?!&CO0h7?(BJP$B%I%a%$%sL>(B

        * <$BAH?%%i%Y%k(B>$B$K(B"WPAD"$B$r;HMQ$7$?%I%a%$%sL>(B
          $BNc!'(BWPAD.CO.JP$B!"(BWPAD.CHIYODA.TOKYO.JP $B$J$I(B 

    $BHFMQ(BJP$B%I%a%$%sL>(B

        * $BM=LsJ8;zNs$NDI2C$O$"$j$^$;$s!#(B

$B"#(B 2007.12.03

$B"#(B 2007.12.02

$B"#(B $BDI5-(B

QuickTime$B$K$^$??7$?$J@HZ%3!<%I$b8x3+(B

$B!!$$$h$$$h(B in the wild

2007 $BG/(B 7 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BWindows Server 2003 $B$K(B MS07-039 patch $B$^$?$O(B SP2 $B$rE,MQ$7$?>l9g$KH/@8$9$kIT6q9g$NOC(B:

$B!!%7%s%0%k%I%a%$%s$N>l9g$K$O4X78$"$j$^$;$s!#(B

$B"#(B 2007.12.01

$B"#(B $BDI5-(B

Firefox 2.0.0.10 $B%j%j!<%9%N!<%H(B

$B!!(BFirefox 2.0.0.11 $B=P$^$7$?!#(B$B%j%j!<%9%N!<%H(B

[$B%;%-%e%j%F%#%[!<%k(B memo]
$B;d$K$D$$$F(B