$B%;%-%e%j%F%#%[!<%k(B memo - 2009.04

Last modified: Thu Apr 8 11:37:16 2010 +0900 (JST)

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B"#(B 2009.04.30

$B"#(B $BJ#?t$N%"%s%A%&%$%k%9%=%U%H$K$*$1$k%"!<%+%$%V%U%!%$%k$N07$$$K4X$9$k7g4Y(B
(Thierry Zoller, 2009.04.29)

$B!!J#?t$N%"%s%A%&%$%k%9%=%U%H$K$*$$$F!"%"!<%+%$%V%U%!%$%k$N07$$$K7g4Y$,$"$j!"96N,%"!<%+%$%VFb$N%U%!%$%k$KBP$9$k%&%$%k%98!:w$,9T$o$l$J$+$C$?!#(B $B$3$N

2009.05.06 $BDI5-(B:

$B!!B?J,4XO"(B:

$B"#(B $B!V9qN)46@w>I8&5f=j!W$r:>>N$7$?%V%?%$%s%U%k%(%s%64XO"%a!<%k$K$4Cm0U$/$@$5$$(B
($B9qN)46@w>I8&5f=j(B, 2009.04.28)

$B!!%&%$%k%9$D$-$K$;%a!<%k$,Mh$F$$$k$=$&$G!#DGL>$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2009.05.07 $BDI5-(B:

$B!!(BSwine Flu Spam Attempt to Infect Japanese Users (trendmicro blog, 2009.05.03) $B$K$h$k$H!"%H%l%s%I%^%$%/%m$G$O(B TROJ_PIDIEF.UA $B$*$h$S(B TROJ_PIDIEF.TY $B$H$7$F8!=P$9$k$=$&$G!#(B

$B!!$C$F!D!D!#(B$B%5%$%P!<6u4V$K$*$1$kFZ%$%s%U%k%(%s%6A{F0$N1F6A(B ($B%H%l%s%I%^%$%/%m(B $B%;%-%e%j%F%#(B blog, 2009.04.30) $B$@$H%K%e%"%s%9$,0[$J$k$>!#(BSwine Flu Spam Attempt to Infect Japanese Users (trendmicro blog, 2009.05.03) $B$G$O(B

Spammed messages with the subject Warning of Swine Flu claiming to be from the National Institute of Infectious Diseases, encourages users to open an attached .ZIP file, to $B!H(Blearn$B!I(B more about the pandemic (detection available as TROJ_PIDIEF.UA and TROJ_PIDIEF.TY). Our engineers have verified that TROJ_PIDIEF.TY drops and executes BKDR_KUPS.G.

$B$H$"$k$N$G!"(Bzip $B$NCf?H$,(B TROJ_PIDIEF.UA $B$*$h$S(B TROJ_PIDIEF.TY $B$G$"$k$h$&$KFI$a$k$N$@$,!"(B$B%5%$%P!<6u4V$K$*$1$kFZ%$%s%U%k%(%s%6A{F0$N1F6A(B ($B%H%l%s%I%^%$%/%m(B $B%;%-%e%j%F%#(B blog, 2009.04.30) $B$G$O(B

$B!!$3$&$7$?;vNc$OB>$+$i$b4s$;$i$l$F$$$^$9!#B>$N;vNc$G$O!V(B.ZIP$B!W%U%!%$%k$N$_$J$i$:!"!V(B.PDF$B!W!J!V(BTROJ_PIDIEF.TY$B!W!"!V(BTROJ_PIDIEF.UA$B!WEy!K(B/$B!V(B.DOC$B!W$J$I$NJ8=q%U%!%$%k$rAu$C$?%&%$%k%9$b$7$/$O!"J8=q:n@.%=%U%H%&%'%"$N@HW$-967b$r9T$&%&%$%k%9$NB8:_$r3NG'$7$F$$$^$9!#(B

TROJ_PIDIEF.UA $B$d(B TROJ_PIDIEF.TY $B$O$"$/$^$G!VB>$N;vNc!W$G$"$j!"Ev3:(B zip $B$NCf?H$,2?$J$N$+$OA4$/ITL@$@!#(B

$B"#(B 2009.04.29

$B"#(B AutoRun changes in Windows 7
(Microsoft Security Research & Defense, 2009.04.28)

$B!!(BWindows 7 RC $B0J9_$G$O!"<+F0:F@8(B / $B<+F0

  1. $B<+F0:F@8(B (AutoPlay) $B$K$*$$$F!"Hs8w3X$N%j%`!<%P%V%k%a%G%#%"$KBP$7$F$O<+F0

  2. $B%@%$%"%m%0$NJ88@$K

    $B$3$l$O!"(BU3 $B$N$h$&$J!"(B CD/DVD-ROM $B$H$7$F$b5sF0$9$k(B USB $B%a%b%j$X$NBP1~$@$=$&$G!#(B

$B!!>e5-$NJQ99$O!">-MhE*$K$O(B Windows XP / Vista $B$K$b$J$5$l$kM=Dj$@$=$&$G!#(B

$B!!4XO"(B:

$B"#(B $BDI5-(B

bid 34736: Adobe Reader 'getAnnots()' Javascript Function Remote Code Execution Vulnerability

$B!!>pJs$,99?7$5$l$^$7$?(B: Update on Adobe Reader Issue (Adobe PSIRT blog, 2009.04.28)$B!#(B

  • Adobe Reader / Acrobat 9.1, 8.1.4, 7.1.1 $B0JA0$K1F6A(B

  • Linux $BHG$@$1$G$J$/!"(BWindows $BHG$d(B Mac $BHG$K$b1F6A(B

  • $B99?7HG$N8x3+$K$OL\=h$ON)$C$F$$$J$$(B

  • JavaScript $B$rL58z$K@_Dj$9$k$3$H$G2sHr$G$-$k(B

$B!!2C$($F!"(Bbid 34736 $B$H$OJL$N!"(B bid 34740: Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability (SecurityFocus, 2009.04.27) $B$H$$$&7g4Y$b$"$k$=$&$G$9!#(B

$B!!(BTwo new vulnerabilities in Adobe Acrobat Reader (F-Secure blog, 2009.04.29) $B$G$O(B 3rd party $B@=$N(B PDF $B%=%U%H$K$D$$$F$b8@5Z$7$F$$$k!#$^$!!"(B3rd party $BIJ$K$b7g4Y$O$"$k$N$GCm0U$OI,MW$J$N$G$9$,!#(B

$B"#(B 2009.04.28

$B"#(B bid 34736: Adobe Reader 'getAnnots()' Javascript Function Remote Code Execution Vulnerability
(SecurityFocus, 2009.04.27)

$B!!>/$J$/$H$b(B Adobe Reader 8.1.4 / 9.1 for Linux $B$KL$=$@5$N7g4Y!#(BJavaScript $B$N4X?t(B getAnnots() $B$K7g4Y$,$"$j!"$3$l$rMxMQ$9$k$HG$0U$N%3!<%I$rPoC $B%3!<%I(B$B$,8x3+$5$l$F$$$k!#(BCVE-2009-1492

$B!!$3$N7o$K$D$$$F!"(BAdobe $B$OD4::Cf(B: Potential Adobe Reader Issue (Adobe PSIRT blog, 2009.04.27)

2009.04.29 $BDI5-(B:

$B!!>pJs$,99?7$5$l$^$7$?(B: Update on Adobe Reader Issue (Adobe PSIRT blog, 2009.04.28)$B!#(B

$B!!2C$($F!"(Bbid 34736 $B$H$OJL$N!"(B bid 34740: Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability (SecurityFocus, 2009.04.27) $B$H$$$&7g4Y$b$"$k$=$&$G$9!#(BCVE-2009-1493

$B!!(BTwo new vulnerabilities in Adobe Acrobat Reader (F-Secure blog, 2009.04.29) $B$G$O(B 3rd party $B@=$N(B PDF $B%=%U%H$K$D$$$F$b8@5Z$7$F$$$k!#$^$!!"(B3rd party $BIJ$K$b7g4Y$O$"$k$N$GCm0U$OI,MW$J$N$G$9$,!#(B

2009.05.07 $BDI5-(B:

$B!!(BAdobe Reader Issue Update (Adobe Product Security Incident Response Team (PSIRT), 2009.05.01)$B!#=$@5HG$O(B 2009.05.12 ($BB?J,JF9q;~4V(B) $B$K8x3+$5$l$k$=$&$G!#(BWindows $BHG$N(B Adobe Reader / Acrobat 7.x / 8.x / 9.x$B!"(B Mac OS X $BHG$N(B Adobe Reader / Acrobat 8.x / 9.x$B!"(B Unix $BHG$N(B Adobe Reader 8.x / 9.x $B$,MQ0U$5$l$k!#(B

2009.05.13 $BDI5-(B:

$B!!=$@5HG=P$^$7$?!#(BAPSB09-06: Security Updates available for Adobe Reader and Acrobat (Adobe, 2009.05.12) $B$r;2>H!#(B

2009.05.15 $BDI5-(B:

$B!!(BAdobe Reader $B5Z$S(B Acrobat $B$N@H (JPCERT/CC, 2009.05.13)

2009.06.09 $BDI5-(B:

$B!!(BIBM ISS $B$G(B CVE-2009-1492 $B$N?7$?$J967b%3!<%I$r3NG'$7$?$=$&$G$9(B: Adobe Reader / Acrobat$B$N@H (IBM, 2009.06.08)$B!#pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B Firefox 3.0.10 $B%j%j!<%9%N!<%H(B
(mozilla.jp, 2009.04.28)

$B!!(BFirefox 3.0.10 $BEP>l!#(BFirefox 3.0.9 $B$KB8:_$7$?!V0BDj@-$K4X$o$k=EBg$JLdBj!W!"$*$h$S(B MFSA 2009-23: nsTextFrame::ClearTextRun() $B$K$*$1$k%/%i%C%7%e(B $B$r=$@5!#(BCVE-2009-1313$B!#9b66$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!$$$^$I$-$N(B Microsoft $B$J$i!"$3$&$$$&%l%Y%k$NIJ

$B"#(B 2009.04.27

$B"#(B 2009.04.26

$B"#(B $BDI5-(B

$B%0!<%0%k!"!V(BChrome$B!W$N=EBg$J%;%-%e%j%F%#%[!<%k$r=$@5(B

$B!!(BCVE-2009-1340 $B$8$c$J$/$F(B CVE-2009-1412 $B$N$h$&$@!#(BStable Update: Security Fix (Google Chrome Releases, 2009.04.23) $B$K$O(B CVE-2009-1340 $B$C$F=q$$$F$"$k$s$@$,$J$"!#(B

$B"#(B $B$$$m$$$m(B (2009.04.26)
(various)

$B"#(B 2009.04.25

$B"#(B 2009.04.24

$B"#(B $B%0!<%0%k!"!V(BChrome$B!W$N=EBg$J%;%-%e%j%F%#%[!<%k$r=$@5(B
(ZDNet, 2009.04.24)

$B!!$3$N7o(B: Stable Update: Security Fix (Google Chrome Releases, 2009.04.23)$B!#(B1.0.154.59 $B$K$*$$$F!"(B CVE-2009-1340: ChromeHTML protocol handler same-origin bypass $B$,=$@5$5$l$F$$$k!#(B

$B!!(BGoogle Chrome $B$r%$%s%9%H!<%k$7$?(B PC $B$K$*$$$F!"MxMQH$9$k$H!"967b

2009.04.26 $BDI5-(B:

$B!!(BCVE-2009-1340 $B$8$c$J$/$F(B CVE-2009-1412 $B$N$h$&$@!#(BStable Update: Security Fix (Google Chrome Releases, 2009.04.23) $B$K$O(B CVE-2009-1340 $B$C$F=q$$$F$"$k$s$@$,$J$"!#(B

$B"#(B 2009.04.23

$B"#(B $B!V(BOAuth$B!W%W%m%H%3%k$K@H
(ZDNet, 2009.04.23)

$B!!(BOAuth $B$K7g4Y!#FCDj$N

2009.11.16 $BDI5-(B:

$B!!%W%m%H%3%k%P!<%8%g%s(B 1.0a $B$GD>$C$?$_$?$$!#(B

$B"#(B $B%K%e!<%8!<%i%s%I$NCxL>$J%5%$%H$N(BDNS$B%l%3!<%I$,%O%$%8%c%C%/$5$l$k(B
(ZDNet, 2009.04.22)

$B!!(BDomainz.net $B$H$$$&(B$B%l%8%9%H%i(B$B$N(B Web $B%"%W%j$,%/%i%C%/$5$l$?7k2L!"(B .nz $B%I%a%$%s2<$NJ#?t$N%I%a%$%s>pJs$,=q$-$+$($i$l!"K\Mh$H$O0[$J$k%5%$%H$KM6F3$5$l$F$7$^$C$?OC!#(B Microsoft.co.nz$B!"(BSONY.co.nz $B$H$$$C$?CxL>%5%$%H!"(BF-Secure.co.nz $B$J$I$N%;%-%e%j%F%#%5%$%H$K$b1F6A$,$"$C$?$=$&$G!#(B $BEv3:(B Web $B%"%W%j$K$O(B SQL $B%$%s%8%'%/%7%g%s7g4Y$,B8:_$7$?$N$@$=$&$G!#(B

$B!!>.;3$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B Firefox 3.0.9 $B%j%j!<%9%N!<%H(B
(mozilla.jp, 2009.04.23)

$B!!(BFirefox 3.0.9 $BEP>l!#(B9 $B7o$N7g4Y$,=$@5$5$l$F$$$k!#7g4Y$N$$$/$D$+$O(B SeaMonkey $B$*$h$S(B Thunderbird $B$K$b1F6A$9$k$,!"(B $B=$@5M=Dj$NN)$C$F$$$J$$7g4Y$,J#?tB8:_$9$k!#(B

$B%"%I%P%$%6%j!"(BCVE $B35MW(B Thunderbird $B=$@5HG(B Seamonkey $B=$@5HG(B $BFC5-;v9`(B
MFSA 2009-22
CVE-2009-1312 		Refresh $B%X%C%@$K$h$k(B javascript: URI $B$X$N%j%@%$%l%/%H(B - $BL$Dj(B
MFSA 2009-21
CVE-2009-1311		 $BKd$a9~$_%U%l!<%`$r4^$`(B Web $B%Z!<%8$rJ]B8$9$k:]!"(BPOST $B%G!<%?$,0[$J$k%5%$%H$KAw?.$5$l$k(B - 1.1.17
MFSA 2009-20
CVE-2009-1310 		$B0- - -
MFSA 2009-19
CVE-2009-1309 		XMLHttpRequest $B$H(B XPCNativeWrapper.toString $B$rDL$8$?F10l@8@.850cH?(B $BL$Dj(B $BL$Dj(B JavaScript $B$rL58z$K$9$l$P2sHr$G$-$k!#(BThunderbird $B$N%G%U%)%k%H@_Dj$G$O(B JavaScript $B$OL58z$K$5$l$F$$$k!#(B
MFSA 2009-18
CVE-2009-1308 		$B%5!<%I%Q!<%F%#$N%9%?%$%k%7!<%H$H(B XBL $B%P%$%s%G%#%s%0$rMQ$$$?(B XSS $B967b(B $BL$Dj(B $BL$Dj(B JavaScript $B$rL58z$K$9$l$P2sHr$G$-$k!#(BThunderbird $B$N%G%U%)%k%H@_Dj$G$O(B JavaScript $B$OL58z$K$5$l$F$$$k!#(B
MFSA 2009-17
CVE-2009-1307 		Adobe Flash $B$,(B view-source: $B%9%-!<%^$rDL$8$FFI$_9~$^$l$k:]$NF10l@8@.850cH?(B $BL$Dj(B $BL$Dj(B JavaScript $B$rL58z$K$9$l$P2sHr$G$-$k!#(BThunderbird $B$N%G%U%)%k%H@_Dj$G$O(B JavaScript $B$OL58z$K$5$l$F$$$k!#(B
MFSA 2009-16
CVE-2009-1306 		jar: $B%9%-!<%^$K$h$C$FFbIt(B URI $B$K;XDj$5$l$?(B content-disposition: $B%X%C%@$,L5;k$5$l!"%3%s%F%s%D$,%$%s%i%$%s$GE83+$5$l$F$7$^$&(B $BL$Dj(B $BL$Dj(B
MFSA 2009-15
CVE-2009-0652 		Unicode $B7S@~J8;z$r;H$C$F(B URL $B$r56Au$G$-$k(B 2.0.0.21 1.1.15 $B9q:]2=%I%a%$%sL>(B (IDN) $B$M$?(B
MFSA 2009-14
CVE-2009-1302
CVE-2009-1303
CVE-2009-1304
CVE-2009-1305 		$B%a%b%jGK2u$N7A@W$,$"$k%/%i%C%7%e(B (rv:1.9.0.9) 2.0.0.22 1.1.16 $B8=;~E@$G$O!"(BJavaScript $B$rL58z$K$9$l$P2sHr$G$-$k$H9M$($i$l$F$$$k!#(BThunderbird $B$N%G%U%)%k%H@_Dj$G$O(B JavaScript $B$OL58z$K$5$l$F$$$k!#(B

$B"#(B 2009.04.22

$B"#(B $BDI5-(B

Microsoft 2009 $BG/(B 4 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS09-014 patch $B$K4^$^$l$k!"Hs%;%-%e%j%F%#$J=$@5(B: After you install security update 956390, Internet Explorer stops responding when you click an image to remove it (Microsoft KB 969234)

$B"#(B 2009.04.21

$B"#(B $BDI5-(B

Microsoft 2009 $BG/(B 4 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS09-014 $BH/8+MS09-014: EMBED element memory corruption (Skylined, 2009.04.19)$B!#(B milw0rm$B!#(B

$B!!(BMonthly Security Bulletin Webcast Q&A - April 2009 (MSRC blog, 2009.04.20) $B$,=P$F$^$7$?!#(B

$B"#(B 2009.04.20

$B"#(B $B$$$m$$$m(B (2009.04.20)
(various)

$B"#(B 2009.04.19

$B"#(B $B$$$m$$$m(B (2009.04.19)
(various)

$B"#(B 2009.04.18

$B"#(B Poken/$B%;%-%e%j%F%#>e$N$4Cm0U(B - $B%*!<%H%m%0%$%s$O(Boff$B!"$G$M!#(B
(tech tech okdt, 2009.04.18)

$B!!(BPoken $B$H$$$&$b$N$,$"$k$N$G$9$+!#(B $B2,ED$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B $BDI5-(B

Microsoft Excel $B$K(B 0-day $B7g4Y$+(B

$B!!(BMS09-009 - $B6[5^(B: Microsoft Office Excel $B$N@H (Microsoft) $B$G=$@5$5$l$^$7$?!#(B

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (960906) Microsoft $B%o!<%I%Q%C%I$N%F%-%9%H(B $B%3%s%P!<%?!<$N@H

$B!!(BMS09-010 - $B6[5^(B: $B%o!<%I%Q%C%I$*$h$S(B Office $B%F%-%9%H(B $B%3%s%P!<%?!<$N@H $B$G=$@5$5$l$?!#(B

Safari Carpet Bomb

$B!!(BMS09-015 - $B7Y9p(B: SearchPath $B$NJ#9gE*6<0R$N@H:3J$5$l$k(B (959426) (Microsoft, 2009.04.15) $B$*$h$S(B MS09-014 - $B6[5^(B: Internet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (963027) (Microsoft, 2009.04.15) $B$G=$@5$5$l$^$7$?!#$?$@$7!":GBg$NKI8f$rF@$k$?$a$K$O!"(Bpatch $BE,MQ8e$K!"$5$i$K%l%8%9%H%j@_Dj$r9T$&I,MW$,$"$j$^$9!#C1$J$k=$@5$@$1$G$J$/!"(BSetSearchPathMode $B$H$$$&?7$?$J(B API $B$,

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESEARCHPATH_KB963027]
"iexplore.exe"=dword:00000000

$B!!(BIE $B$K$*$$$F(B SetSearchPathMode API $B$rM-8z$K$9$k$K$O!">e5-$r(B regedit.exe /s $B%U%!%$%kL>(B $B$G@_Dj$7$^$9!#(B

$B!!$N$G$9$,!"(BWindows 2000 $B$N>l9g$O!"$=$b$=$b(B SetSearchPathMode API $B$rSafeDllSearchMode $B$r;H$($P$"$kDxEY$N$3$H$O$G$-$k$h$&$G!#$G$b$3$l!"(BWindows XP SP2 $B$G$O%G%U%)%k%HM-8z$K$J$C$F$$$k$o$1$G!"$D$^$j$O$=$NDxEY$N%l%Y%k$C$F$3$H$@$h$M!D!D!#(B

$B!!$"$H!"(BMS09-015 $B$NI{:nMQ$H$7$F!"(BKB959426 $B$K$O!V(BXSI 5.0 application does not load correctly$B!W(B $B$H$$$&OC$,7G:\$5$l$F$$$^$9!#BP1~J}K!$b5-:\$5$l$F$$$^$9!#(B

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (951306) Windows $B$N@H:3J$,9T$o$l$k(B

$B!!(BMS09-012 - $B=EMW(B: Windows $B$N@H:3J$5$l$k(B (959454) $B$G?k$K=$@5$5$l$?!#(BMS09-012: Fixing $B!H(BToken Kidnapping$B!I(B (Microsoft Security Research & Defense blog, 2009.04.14) $B$b;2>H!#(B

In the upcoming release of Windows 7 and Windows Server 2008 R2 systems, a new feature named Managed Service Accounts (http://technet.microsoft.com/en-us/library/dd367859.aspx) has been introduced which creates a more streamlined and flexible solution to the issues surrounding service isolation. It provides for services, which have opted to use the feature, the ability to run as a separate account which remotely authenticates with a managed domain SPN. It also provides seamless and automatic password management, similar to the computer account, which frees up time that administrators would previously have used to update user account passwords for these services. You can read more about creating Managed Service Accounts here http://technet.microsoft.com/en-us/library/dd548356.aspx.

Microsoft 2008 $BG/(B 10 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BHow Conficker makes use of MS08-067? (milw0rm, 2009.04.14)

$B"#(B 2009.04.17

$B"#(B Microsoft 2009 $BG/(B 4 $B7n$N%;%-%e%j%F%#>pJs(B
($BF|K\$N%;%-%e%j%F%#%A!<%`(B, 2009.04.15)

$B!!(B2009 $BG/(B 4 $B7n$N%;%-%e%j%F%#>pJs(B (Microsoft) $B$,K\2H$G$9$,!"(B$BF|K\$N%;%-%e%j%F%#%A!<%`$+$i$N>pJs(B$B$NJ}$,!"MW=j$,$^$H$^$C$F$$$k46$8!#$?$@$7!"(B Exploitability Index $B$N>pJs$O(B$BK\2H(B$B$r8+$J$$$H$o$+$i$J$$!#(B $B$"$H!"(BPrioritizing the deployment of the April security bulletins (Microsoft Security Research & Defense blog, 2009.04.14) $B$NI=$b$o$j$H$$$$46$8!#(B

2009.04.21 $BDI5-(B:
$B!!(BMonthly Security Bulletin Webcast Q&A - April 2009 (MSRC blog, 2009.04.20) $B$,=P$F$^$7$?!#(B

MS09-009 - $B6[5^(B: Microsoft Office Excel $B$N@H

$B!!(BExcel 2000 / 2002 (XP) / 2003 / 2007$B!"(BExcel Viewer$B!"(BExcel Viewer 2003$B!"(BOffice 2004 / 2008 for Mac$B!"(BWord/Excel/PowerPoint 2007 $B%U%!%$%k7A<0MQ(B Microsoft Office $B8_495!G=%Q%C%/$K(B 2 $B$D$N7g4Y!#(B

  • $B%a%b%j$NGKB;$N@HCVE-2009-0100$B!#(BExploitability Index: 2

    Excel $B%9%W%l%C%I%7!<%H%U%!%$%k7A<0$N=hM}$K7g4Y$,$"$j!"(B $B96N,(B Excel $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r

  • $B%a%b%j$NGKB;$N@HCVE-2009-0238$B!#(BExploitability Index: 1

    Excel $B%9%W%l%C%I%7!<%H%U%!%$%k7A<0$N=hM}$K7g4Y$,$"$j!"(B $B96N,(B Excel $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rMicrosoft Excel $B$K(B 0-day $B7g4Y$+(B $B$N7o!#(B

MS09-010 - $B6[5^(B: $B%o!<%I%Q%C%I$*$h$S(B Office $B%F%-%9%H(B $B%3%s%P!<%?!<$N@H

$B!!(BWindows 2000 / XP / Server 2003$B!"(BWord 2000 / 2002 (XP)$B!"(BOffice Converter Pack $B$K(B 4 $B$D$N7g4Y!#$$$:$l$b%U%!%$%k7A<0%3%s%P!<%?!<$K$^$D$o$k7g4Y!#(B

$B!!(BACL $B$r@_Dj$7%3%s%P!<%?!<$rL58z2=$9$k$3$H$G!"7g4Y$r2sHr$G$-$k!#(B $B>\:Y$K$D$$$F$O(B MS09-010$B!"$"$k$$$O(B MS09-010: Reducing the text converter attack surface (Microsoft Security Research & Defense blog, 2009.04.14) $B$r;2>H!#(B

$B!!=$@5%W%m%0%i%`$rE,MQ$9$k$H!"%o!<%I%Q%C%I$O(B Word 6.0 $B%U%!%$%k$*$h$S(B Write $B%U%!%$%k$r3+$1$J$/$J$k!#:F$S3+$1$k$h$&$K$7$?$$>l9g$O!"(BKB960477 $B$K<($5$l$F$$$k

MS09-011 - $B6[5^(B: Microsoft DirectShow $B$N@H

$B!!(BDirectX 8.1 / 9.0 $B$K7g4Y!#(BDirectShow $B$K$*$1$k%U%!%$%k=hM}$K7g4Y$,$"$j!"(B $B96N,(B MJPEG $B%U%!%$%k!"$"$k$$$O96N,(B MJPEG $B$,Kd$a9~$^$l$?(B AVI $B$J$I$N%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2009-0084$B!#(B Exploitability Index: 2

MS09-012 - $B=EMW(B: Windows $B$N@H:3J$5$l$k(B (959454)

$B!!(BWindows 2000 / XP / Server 2003 / Vista / Server 2008 $B$K(B 4 $B$D$N7g4Y!#(B $B8"8B>e>:$r>7$/7g4Y$,$"$j!"(Blocal user $B$,4IM}

  • Windows MSDTC $B$N%5!<%S%9$NJ,N%$N@HCVE-2008-1436

  • Windows WMI $B$N%5!<%S%9$NJ,N%$N@HCVE-2009-0078

  • Windows RPCSS $B$N%5!<%S%9$NJ,N%$N@HCVE-2009-0079

  • Windows ThreadPool ACL $B$NCVE-2009-0080

$B0J>e$O!"$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (951306) Windows $B$N@H:3J$,9T$o$l$k(B$B$N7o!#(B Token Kidnapping $B$N7o$H8@$C$?J}$,$$$$$+!#(B MS09-012: Fixing $B!H(BToken Kidnapping$B!I(B (Microsoft Security Research & Defense blog, 2009.04.14) $B$b;2>H!#(B

In the upcoming release of Windows 7 and Windows Server 2008 R2 systems, a new feature named Managed Service Accounts (http://technet.microsoft.com/en-us/library/dd367859.aspx) has been introduced which creates a more streamlined and flexible solution to the issues surrounding service isolation. It provides for services, which have opted to use the feature, the ability to run as a separate account which remotely authenticates with a managed domain SPN. It also provides seamless and automatic password management, similar to the computer account, which frees up time that administrators would previously have used to update user account passwords for these services. You can read more about creating Managed Service Accounts here http://technet.microsoft.com/en-us/library/dd548356.aspx.

MS09-013 - $B6[5^(B: Windows HTTP $B%5!<%S%9$N@H

$B!!(BWindows 2000 / XP / Server 2003 / Vista / Server 2008 $B$N(B Windows HTTP Services (WinHTTP) $B$K(B 3 $B$D$N7g4Y!#(B

  • Windows HTTP $B%5!<%S%9$N@0?t%"%s%@!<%U%m!<$N@HCVE-2009-0086$B!#(B Exploitability Index: 1

    Web $B%5!<%P$+$i$NLa$jCM$N8!>Z$,IT==J,$J$?$a$K(B integer underflow $B$,H/@8!"96N,(B Web $B%5!<%P$,G$0U$N%3!<%I$r

    $B%f%K%P!<%5%k(B $B%W%i%0(B $B%"%s%I(B $B%W%l%$(B (UPnP) $B%5!<%S%9$,(B WinHTTP $B%i%$%V%i%j$r;HMQ$7$F$$$k$3$H$KCm0U$7$F$/$@$5$$!#$3$N%5!<%S%9$rM-8z$K$9$k$H!"%m!<%+%k(B $B%5%V%M%C%H$N0-

    bid 34435 $B$K$h$k$H!"(BImmunity CANVAS $B$G>&MQ(B exploit $B$,8x3+$5$l$F$$$k$=$&$@$,!"(B $B$3$N7g4Y$KBP$9$k(B exploit $B$OMF0W$K:n@.$G$-$kLOMM!#(B

  • Windows HTTP $B%5!<%S%9$N>ZL@=qL>$NIT0lCW$N@HCVE-2009-0089$B!#(B Exploitability Index: 1

    Web $B%5%$%H$N%5!<%P>ZL@=q$N8!>Z$,IT==J,$J$?$a!"%K%;%5%$%H$r%K%;$@$HH=CG$G$-$J$$$3$H$,$"$k!#(B 2009 $BG/(B 4 $B7n$N%;%-%e%j%F%#>pJs(B $B$G$O!V0-MQ%D!<%k$,8x3+$5$l$^$7$?!W(B $B$H$"$k$,!"(B Microsoft Security Bulletin Summary for April 2009 $B$+$i$O(B 2009.04.16 $BIU(B (V1.1) $B$G:o=|$5$l$F$$$k!#(B

  • Windows HTTP $B%5!<%S%9$N;q3J>pJs$NH?1G$N@HCVE-2009-0550$B!#(BExploitability Index: 1

    MS08-068 $B$K$*$1$k(B SMB $B$X$NBP1~!"(BMS08-076 $B$K$*$1$k(B Windows Media $B$X$NBP1~$K$R$-$D$E$-!"(B WinHTTP $B$K$*$1$k(B NTLN redential reflection attack $B$X$NBP1~!#(B MS09-013 and MS09-014: NTLM Credential Reflection Updates for HTTP clients (Microsoft Security Research & Defense blog, 2009.04.14) $B$b;2>H!#(B

MS09-014 - $B6[5^(B: Internet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (963027)

$B!!(BIE 5.01 / 6 / 7 $B$K(B 6 $B$D$N7g4Y!#(B

  • $BJ#9gE*$J6<0R$N%j%b!<%H$G%3!<%I$,CVE-2008-2540$B!#BP>]$O(B IE 7 $B$N$_!#(BExploitability Index: 3$B!#(B

    Safari Carpet Bomb $B$K4XO"$9$k(B IE $B$N=$@5!#(B SetSearchPathMode API $B$NDI2C$K$h$C$FBP1~$9$k$?$a!"(B patch $BE,MQ8e$K%l%8%9%H%j$N@_Dj$,I,MW!#(B $B0J2<$r(B regedit.exe /s $B$G@_Dj$9$k!#(B

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESEARCHPATH_KB963027]
    "iexplore.exe"=dword:00000000

    $B$?$@$7!"(BWindows 2000 $B$G$O(B SetSearchPathMode API $B$rDI2C$G$-$J$$!#(B $B$=$N$+$o$j$H8@$C$F$O$"$l$@$,!"(BSafeDllSearchMode $B$rM-8z$K$7$F$*Cc$rBy$=$&!#(B

  • WinINet $B$N;q3J>pJs$N:FMxMQ$N@HCVE-2009-0550$B!#(BExploitability Index: 1

    MS08-068 $B$K$*$1$k(B SMB $B$X$NBP1~!"(BMS08-076 $B$K$*$1$k(B Windows Media $B$X$NBP1~$K$R$-$D$E$-!"(B WinINet $B$K$*$1$k(B NTLN redential reflection attack $B$X$NBP1~!#(B MS09-013 and MS09-014: NTLM Credential Reflection Updates for HTTP clients (Microsoft Security Research & Defense blog, 2009.04.14) $B$b;2>H!#(B

  • $B%Z!<%8$N@Z$jBX$($N%a%b%j$NGKB;$N@HCVE-2009-0551$B!#BP>]$O(B IE 6 / 7 $B$N$_!#(BExploitability Index: 2

    Web $B%Z!<%8$r0\F0$9$k4V$K%a%b%jGK2u$,H/@8!"96N,(B Web $B%Z!<%8$K$h$C$FG$0U$N%3!<%I$r

  • $B=i4|2=$5$l$F$$$J$$%a%b%j$NGKB;$N@HCVE-2009-0552$B!#BP>]$O(B IE 5.01 / 6 $B$N$_!#(BExploitability Index: 3

    $B=i4|2=$5$l$F$$$J$$%*%V%8%'%/%H$d:o=|$5$l$?%*%V%8%'%/%H$N07$$$K$*$$$F%a%b%jGK2u$,H/@8!"96N,(B Web $B%Z!<%8$K$h$C$FG$0U$N%3!<%I$r

  • $B=i4|2=$5$l$F$$$J$$%a%b%j$NGKB;$N@HCVE-2009-0553$B!#BP>]$O(B IE 6 / 7 $B$N$_!#(BExploitability Index: 3

    $B=i4|2=$5$l$F$$$J$$%*%V%8%'%/%H$d:o=|$5$l$?%*%V%8%'%/%H$N07$$$K$*$$$F%a%b%jGK2u$,H/@8!"96N,(B Web $B%Z!<%8$K$h$C$FG$0U$N%3!<%I$r

    2009.04.21 $BDI5-(B:
    $BH/8+MS09-014: EMBED element memory corruption (Skylined, 2009.04.19)$B!#(B milw0rm$B!#(B

  • $B=i4|2=$5$l$F$$$J$$%a%b%j$NGKB;$N@HCVE-2009-0554$B!#(BExploitability Index: 1

    $B=i4|2=$5$l$F$$$J$$%*%V%8%'%/%H$d:o=|$5$l$?%*%V%8%'%/%H$N07$$$K$*$$$F%a%b%jGK2u$,H/@8!"96N,(B Web $B%Z!<%8$K$h$C$FG$0U$N%3!<%I$r

$B!!(BIE 8 $B$K$O$3$l$i$N7g4Y$O$J$$!#(B

$B!!$^$?!">e5-$K2C$($F!"(Babout: $B%W%m%H%3%k$N%;%-%e%j%F%#6/2=$d(B MS09-010 $B$K4XO"$7$?JQ99(B ($B>\:YITL@(B) $B$,9T$o$l$F$$$k$=$&$J!#(B

2009.04.22 $BDI5-(B:
MS09-014 patch $B$K4^$^$l$k!"Hs%;%-%e%j%F%#$J=$@5(B: After you install security update 956390, Internet Explorer stops responding when you click an image to remove it (Microsoft KB 969234)

2009.05.10 $BDI5-(B:
IE6 + MS09-014 patch + Microsoft Foundation Classes (MFC) $B%Y!<%9$N(B ActiveX $B%3%s%H%m!<%k$GI{:nMQ$,H/@8$9$kLOMM(B: Internet Explorer 6 may crash if you visit a Web site that contains an MFC ActiveX control after you install MS09-014 (Microsoft KB 971131)$B!#$3$l$^$G$OLdBj$J$+$C$?%9%/%j%W%H$,(B crash $B$N860x$K$J$C$F$7$^$&LOMM!#2sHrMQ$N%3!<%INc$,>R2p$5$l$F$$$k!#(B

MS09-015 - $B7Y9p(B: SearchPath $B$NJ#9gE*6<0R$N@H:3J$5$l$k(B (959426)

$B!!(BWindows 2000 / XP / Server 2003 / Vista / Server 2008 $B$K7g4Y!#(B Safari Carpet Bomb $B$K4XO"$9$k=$@5!#(B CVE-2008-2540$B!"(B Exploitability Index: 2$B!#(BMS09-014 $B$HAH$_$"$o$;$?>e$G!"$5$i$K%l%8%9%H%j$N@_Dj$,I,MW!#(B $B0J2<$r(B regedit.exe /s $B$G@_Dj$9$k!#(B

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESEARCHPATH_KB963027]
"iexplore.exe"=dword:00000000

$B$?$@$7!"(BWindows 2000 $B$G$O(B SetSearchPathMode API $B$rDI2C$G$-$J$$!#(B $B$=$N$+$o$j$H8@$C$F$O$"$l$@$,!"(BSafeDllSearchMode $B$rM-8z$K$7$F$*Cc$rBy$=$&!#(B $B@_Dj$N>\:Y$K$D$$$F$O(B KB949426 $B$r;2>H!#(B

MS09-016 - $B=EMW(B: Microsoft ISA Server $B$*$h$S(B Forefront Threat Management Gateway (Medium Business Edition) $B$N@H

$B!!(BISA 2004 / 2006$B!"(BForefront Threat Management Gateway, Medium Business Edition (TMG MBE) $B$K(B 2 $B$D$N7g4Y!#(BISA 2000 $B$K$O$3$N7g4Y$O$J$$!#(B

  • Web $B%W%m%-%7$N(B TCP $B$N>uBV$N8BDjE*$J%5!<%S%95qH]$N@HCVE-2009-0077$B!#(BExploitability Index: 3

    $B%U%!%$%"%&%)!<%k%(%s%8%s$K$*$1$k(B Web proxy $B$d(B Web publishing listeners $B$N(B TCP $B=hM}$K7g4Y$,$"$j!"(Bremote $B$+$i(B DoS $B967b$,2DG=!#(B

  • $B%/%m%9%5%$%H(B $B%9%/%j%W%F%#%s%0$N@HCVE-2009-0237$B!#(BExploitability Index: 3

    HTML $B%U%)!<%`G'>Z%b%8%e!<%k$K(B XSS $B7g4Y$,$"$j!">pJsO31L$d$J$j$9$^$7$N2DG=@-$,H/@8!#(B

2009.07.30 $BDI5-(B:

$B!!(BYou cannot install a Windows Installer package under the Local System context on a Windows XP-based computer that has update KB956572 installed (Microsoft KB 971913)$B!#(B MS09-012 patch $B$K$h$kI{:nMQ$N(B hotfix $B$,$"$k$_$?$$!#(B

$B!!(BThe home page of Internet Explorer 7 in Windows Vista is reset after you install the cumulative security update for Internet Explorer MS09-014 (KB963027) (Microsoft KB 973926)$B!#(BMS09-014 patch $B$K$h$kI{:nMQ$N(B hotfix $B$,$"$k$_$?$$!#(B

$B"#(B 2009.04.16

$B"#(B 2009.04.14

$B"#(B 2009.04.13

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2009.02.27)

$B!!(BJVNVU#435052: $BF)2a7?%W%m%-%7%5!<%P$,(B HTTP $B$N(B Host $B%X%C%@$K0MB8$7$F@\B3$r9T$&LdBj(B (JVN, 2009.02.24) $B$N7o!"(BIIJ $B$N(B SEIL $B%7%j!<%:$b3:Ev!#(B $B>\:Y$O!"(B$BF)2a7?(BHTTP$B%W%m%-%7%5!<%P$K$*$1$k%O%s%I%*%U5!G=$N@H (SEIL.jp, 2009.04.09) $B$r;2>H!#(B

$B"#(B 2009.04.12

$B"#(B [Security-announce] VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
(VMware, 2009.04.10)

$B!!(BVMware Workstation 6.5.1 $B0JA0(B / Player 2.5.1 $B0JA0(B / ACE 2.5.1 $B0JA0(B / Server 2.0 $B0JA0(B / Server 1.0.8 $B0JA0(B / Fusion 2.0.3 $B0JA0!"(BESXi 3.5 / ESX 3.5 / ESX 3.0.[23] $B$K7g4Y!#(B $B%2%9%H(B OS $B$+$i!"%[%9%H(B OS $B>e$GG$0U$N%3!<%I$rCVE-2009-1244 ESX 2.5.5 $B$K$O$3$N7g4Y$O$J$$!#(B

$B!!(BVMware Workstation 6.5.2 build 156735 $B$J$I$N=$@5HG!"$b$7$/$O=$@5(B patch $B$,Ds6!$5$l$F$$$k!#%"%C%W%G!<%H$"$k$$$OE,MQ$9$l$P$h$$!#(B

$B"#(B $BDI5-(B

APSB09-04: Security Updates available for Adobe Reader and Acrobat

$B!!(BCVE-2009-0927 $B$rA@$&E[$,=P$F$-$?LOMM!#(B

$BG$0U$N%3!<%I

$B!!(BSeaMonkey 1.1.16 $B$,%j%j!<%9$5$l$^$7$?!#(B MFSA 2009-12: XSL Transformation vulnerability (CVE-2009-1169) $B$,=$@5$5$l$F$$$^$9!#(B

$B"#(B 2009.04.10

$B"#(B $B$$$m$$$m(B (2009.04.10)
(various)

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#>pJs$N;vA0DLCN(B - 2009 $BG/(B 4 $B7n(B
(Microsoft, 2009.04.10)

$B!!$"$!!":#F|$O6bMKF|$@$C$?$N$+!D!D!#G>Fb>pJs$,0lF|%:%l$F$k$J(B > $B26!#(B

$B!!6[5^(B x 5$B!"=EMW(B x 2$B!"7Y9p(B x 1 $B$N7W(B 8 $B$D!#(B $B%3%s%]!<%M%s%HJL$G$O!"(BWindows x 5$B!"(BIE x 1$B!"(BExcel x 1$B!"(BISA x 1$B!#(B Windows x 5 $B$NCf$K$O!"(BDirectX $B$d(B MSDTC $B$,4^$^$l$k!#(B

$B!!4XO"(B: 2009$BG/(B4$B7n$N%;%-%e%j%F%#%j%j!<%9M=Dj(B ($BF|K\$N%;%-%e%j%F%#%A!<%`(B, 2009.04.10)

$B"#(B 2009.04.09

$B"#(B $B$$$m$$$m(B (2009.04.09)
(various)

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2009.02.27)

$B!!(BJVNVU#435052: $BF)2a7?%W%m%-%7%5!<%P$,(B HTTP $B$N(B Host $B%X%C%@$K0MB8$7$F@\B3$r9T$&LdBj(B (JVN, 2009.02.24) $B$N7o!"(BBlueCoat $B$N(B Proxy SG $B$b3:Ev!#(B Advisory $B$,=P$?(B: ProxySG in transparent deployments intercepting HTTP/HTTPS traffic (bluecoat, 2009.04.02)

$B"#(B 2009.04.08

$B"#(B Common Apache Misconception
(SANS ISC, 2009.04.07)

$B!!(Bapache $B$N@_Dj%U%!%$%k$G(B

LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php

$B$H$7$?$H$-!"$3$l$O!V(B.php $B$G=*$k%U%!%$%k!W$G$O$J$/!V(B.php $B$r4^$`A4$F$N%U%!%$%k!W$KE,MQ$5$l$k!"$H$$$&OC!#Nc(B: foo.php.1, foo.php.bak$B!#(B

$B"#(B $BDI5-(B

[JS09002] $B0lB@O:$N@H

$B!!0lB@O:%S%e!<%"$N?7HG(B (19.0.3.0) $B$,8x3+$5$l$F$$$k!#(B19.0.2.0 $B$KB8:_$7$?!"%P!<%8%g%sI=<($,5lHG$N$^$^$K$J$kIT6q9g$,2r>C$5$l$F$$$k!#(B

HTA$B$rMxMQ$7$?%o%s%/%j%C%/%&%(%"$N?7$?$J

$B!!4XO"(B: $B2hA|$G8+$k%o%s%/%j%C%/:>5=%5%$%H$N?7$?$JC$($J$$!I@A5a2hLL$,I=<($5$l$k$^$G(B (Internet Watch, 2009.04.08)

$B"#(B 2009.04.07

$B"#(B HTA$B$rMxMQ$7$?%o%s%/%j%C%/%&%(%"$N?7$?$J
($B%H%l%s%I%^%$%/%m(B $B%;%-%e%j%F%#(B blog, 2009.04.07)

$B!!(B$B%3%s%T%e!<%?%&%$%k%9!&IT@5%"%/%;%9$NFO=P>u67(B[3$B7nJ,$*$h$SBh(B1$B;MH>4|(B]$B$K$D$$$F(B (IPA, 2009.04.02) $B$G$b>R2p$5$l$F$$$k!"!V%o%s%/%j%C%/IT@5@A5a!W$N!H?7$?$J

$B!!2C$($F!"%&%$%k%9%P%9%?!<(B2009$B$KEk:\$5$l$F$$$k!V%7%9%F%`%A%e!<%J!

$B!!$=$s$J5!G=$,$"$k$s$@!#$^$!!"%&%$%k%9%P%9%?!<$G$O$J$$?M$O(B autoruns (Microsoft) $B$H$+;H$($P$$$$$H;W$$$^$9!#(B

2009.04.08 $BDI5-(B:

$B!!4XO"(B: $B2hA|$G8+$k%o%s%/%j%C%/:>5=%5%$%H$N?7$?$JC$($J$$!I@A5a2hLL$,I=<($5$l$k$^$G(B (Internet Watch, 2009.04.08)

$B"#(B [JS09002] $B0lB@O:$N@H
($B%8%c%9%H%7%9%F%`(B, 2009.04.07)

$B!!0lB@O:(B 2009 / 2008 / 2007 / 2006 / 2005 / $BJ8i:(B / 2004 / 13$B!"0lB@O:%S%e!<%"A4%P!<%8%g%s$K7g4Y!#!VJ8=q>pJs$N=hM}!W$K7g4Y$,$"$j!"96N,J8=q%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rpJs%;%-%e%j%F%#Aa4|7Y2|%Q!<%H%J!<%7%C%W$K4p$E$$$?BP1~$,$5$l$?LOMM$@$,!"(BJVN $B$d(B IPA $B$+$i$N>pJsH/?.$O$^$@$5$l$F$$$J$$LOMM!#(B $B!D!D=P$^$7$?(B: JVN#33846134 $B0lB@O:%7%j!<%:$K$*$1$k%P%C%U%!%*!<%P!<%U%m!<$N@H (JVN, 2009.04.07)$B!"(B CVE-2009-4737

$B!!=$@5%W%m%0%i%`$,8x3+$5$l$F$$$k$N$GE,MQ$9$l$P$h$$!#(B $B0lB@O:(B 2009 $BBN83HG$d0lB@O:%S%e!<%"$K$D$$$F$O!"5lHG$r%"%s%$%s%9%H!<%k$7!":G?7HG$r%$%s%9%H!<%k$9$k$3$H$GBP1~$G$-$k!#(B

2009.04.08 $BDI5-(B:

$B!!0lB@O:%S%e!<%"$N?7HG(B (19.0.3.0) $B$,8x3+$5$l$F$$$k!#(B19.0.2.0 $B$KB8:_$7$?!"%P!<%8%g%sI=<($,5lHG$N$^$^$K$J$kIT6q9g$,2r>C$5$l$F$$$k!#(B

$B"#(B 2009.04.06

$B"#(B 2009.04.04

$B"#(B 2009.04.03

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (969136) Microsoft Office PowerPoint $B$N@H
(Microsoft, 2009.04.03)

$B!!(BPowerPoint 2000 / 2002 (XP) / 2003$B!"(BOffice 2004 for Mac $B$K7g4Y!#(B $B>\:Y$OITL@$@$,(B PowerPoint $B%U%!%$%k$N=hM}$K7g4Y$,$"$j!"96N,(B PowerPoint $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2009-0556

$B!!=$@5%W%m%0%i%`$O3+H/Cf!#(BMicrosoft Office Isolated Conversion Environment (MOICE) $B$rMxMQ$9$k$3$H$G2sHr$G$-$k!#4XO"(B:

2009.04.06 $BDI5-(B:

$B!!4XO"(B:

2009.05.13 $BDI5-(B:

$B!!(BMS09-017 - $B6[5^(B: Microsoft Office PowerPoint $B$N@H (Microsoft, 2009.05.13) $B$GBP1~$5$l$?!D!D$H8@$$$?$$$H$3$m$@$,!"@$$NCf$O4E$/$J$+$C$?!#(B

Microsoft Office 2004 for Mac$B!"(BMicrosoft Office 2008 for Mac$B!"(BOpen XML File Format Converter for Mac$B!"(BMicrosoft Works 8.5 $B$^$?$O(B Microsoft Works 9.0 $B$r
$B%^%$%/%m%=%U%H$O(B Windows $B%*%Z%l!<%F%#%s%0(B $B%7%9%F%`$G
$B8=:_!"(BMicrosoft Office 2004 for Mac$B!"(BMicrosoft Office 2008 for Mac$B!"(BOpen XML File Format Converter for Mac$B!"(BMicrosoft Works 8.5 $B$^$?$O(B Microsoft Works 9.0 $BMQ$N99?7%W%m%0%i%`$r3+H/$7$F$$$^$9!#%^%$%/%m%=%U%H$O!"8D!9$N%j%j!<%9$N9b$$IJ

$B!!8=:_F~

2009.05.15 $BDI5-(B:

$B!!(BZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability (ZDI, 2009.05.12)

$B"#(B 2009.04.02

$B"#(B 2009.04.01

[$B%;%-%e%j%F%#%[!<%k(B memo]
$B;d$K$D$$$F(B