$B%;%-%e%j%F%#%[!<%k(B memo - 2010.02

Last modified: Sun Jul 5 01:25:07 2010 +0900 (JST)

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B"#(B 2010.02.28

$B"#(B $BDI5-(B

Adobe Download Manager issue

$B!!(BMultiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability (iDefense, 2010.02.23)

$B"#(B 2010.02.27

$B"#(B PHP 5.2.13 $B%j%j!<%9(B
(PHP.net, 2010.02.25)

$B!!%;%-%e%j%F%#=$@5$,4^$^$l$F$^$9!#(B

* Improved LCG entropy. (Rasmus, Samy Kamkar)
* Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
* Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)

$B"#(B 2010.02.26

$B"#(B $BDI5-(B

Renegotiating TLS

$B!!(BOpenSSL 0.9.8m $BEP>l!#(BRFC5746 $B$KBP1~$7$F$$$k!#(Biida $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2010.02.25

$B"#(B $BDI5-(B

Renegotiating TLS

$B!!(BDetails on the New TLS Advisory - Security Advisory 977377: Vulnerability in TLS Could Allow Spoofing (Microsoft Security Research & Defense, 2010.02.09)

$B"#(B 2010.02.24

$B"#(B $BDI5-(B

Adobe Download Manager issue

$B!!=P$^$7$?(B: APSB10-08: Security update available for Adobe Download Manager (Adobe, 2010.02.23)$B!#(B CVE-2010-0189$B!#(B 2010.02.23 $B0J9_(B ($BJF9q;~4V$G$7$g$&(B) $B$N(B Adobe Download Manager $B$K$O$3$N7g4Y$O$J$$$=$&$G!#(BAdobe Download Manager $B$,7g4YF~$j$+H]$+$O!"

  • C:\Program Files\NOS\ $B%U%)%k%@$,B8:_$7!"$=$NCf?H$,$"$k$+H]$+!#(B $B$"$k>l9g$O!V7g4YF~$j!W!#(B

  • services.msc ($B!V4IM}%D!<%k!W$N!V%5!<%S%9!W%3%s%H%m!<%k%Q%M%k(B) $B$r5/F0$7!"%5!<%S%9$N0lMw$r3NG'$9$k!#$=$NCf$K(B getPlus(R) Helper $B$,$"$k$+H]$+!#(B $B$"$k>l9g$O!V7g4YF~$j!W!#(B

$B!!7g4YF~$j$N>l9g$O!"(B

  • Adobe Download Manager $B$r%"%s%$%s%9%H!<%k$9$k$+!"$"$k$$$O(B

  • getPlus(R) Helper $B%5!<%S%9$rDd;_$5$;!"(B $B$=$N8e(B C:\Program Files\NOS\ $B%U%)%k%@$NCf?H$r:o=|$7$^$7$g$&!#(B

$B"#(B 2010.02.23

$B"#(B $B$$$m$$$m(B (2010.02.23)
(various)

$B"#(B Adobe Download Manager issue
(adobe, 2010.02.18)

$B!!$3$N7o(B: May the force be with you (Aviv Raff On .NET, 2010.02.15)$B!#(B Adobe Reader $B$d(B Flash Player $B$r%$%s%9%H!<%k$9$k$H$-$K!"(B Adobe Download Manager $B$H$$$&$b$N$b%$%s%9%H!<%k$5$l$F$7$^$&$3$H$,$"$k$N$@$,!"$3$l$K7g4Y$,$"$kLOMM!#$3$N7g4Y$r;H$&$H!"G$0U$N%W%m%0%i%`$r<+F0E*$K%$%s%9%H!<%k$5$;$k$3$H$,$G$-$k!"$H$$$&$3$H$G$$$$$N$+$J!#(B

$B!!=$@5HG$O$^$@$J$$!#(BAviv Raff $B;a$O(B Adobe Download Manager $B$N%"%s%$%s%9%H!<%k$r?d>)$7$F$$$k!#(B

$B!!$"$H!"(B

Firefox users should disable or uninstall the Adobe Download Manager extension.

$B$H$b=q$+$l$F$$$k$N$G!"(BFirefox $BMxMQ

$B!D!D$H;W$C$?$1$I!"(BAdobe Download Manager $B$r%"%s%$%s%9%H!<%k$7$F$_$?$i!"(BFirefox $B$N5!G=3HD%$b$A$c$s$H>C$($?!#(B

2010.02.24 $BDI5-(B:

$B!!=P$^$7$?(B: APSB10-08: Security update available for Adobe Download Manager (Adobe, 2010.02.23)$B!#(B CVE-2010-0189$B!#(B2010.02.23 $B0J9_(B ($BJF9q;~4V$G$7$g$&(B) $B$N(B Adobe Download Manager $B$K$O$3$N7g4Y$O$J$$$=$&$G!#(BAdobe Download Manager $B$,7g4YF~$j$+H]$+$O!"

$B!!7g4YF~$j$N>l9g$O!"(B

2010.02.28 $BDI5-(B:

$B!!(BMultiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability (iDefense, 2010.02.23)

2010.03.11 $BDI5-(B:

$B!!(BAPSB10-08 - Adobe Download Manager$BMQ%;%-%e%j%F%#%"%C%W%G!<%H8x3+(B (Adobe)

$B"#(B OpenOffice.org 3.2 $BEP>l!"(B7 $B
(OpenOffice.org, 2010.02.12)

$B!!(BOpenOffice.org 3.2 $B$,(B 2010.02.12 $B$K8x3+$5$l$?$,!"

$B!!$3$&$$$&$N$O(B$B%j%j!<%9%N!<%H(B$B$KL@5-$7$F$A$g$&$@$$!D!D!#(B

$B"#(B 2010.02.22

$B"#(B $BDI5-(B

Operation $B!H(BAurora$B!I(B Hit Google, Others

$B!!4XO"(B:

$B"#(B 2010.02.21

$B"#(B 2010.02.20

$B"#(B 2010.02.19

$B"#(B Firefox 3.5.8 / 3.0.18$B!"(BSeaMonkey 2.0.3 $B%j%j!<%9(B
(mozilla.org, 2010.02.19)

$B!!=P$F$^$9!#%;%-%e%j%F%#=$@5$b4^$^$l$F$$$^$9!#(B

$B!!=$@5$5$l$F$$$k$N$O

SA $BHV9f(B $B=EMWEY(B $B35MW(B
MFSA 2010-05 $BCf(B SVG $B%I%-%e%a%s%H$H%P%$%J%j(B Content-Type $B$N;HMQ$K$h$k(B XSS
MFSA 2010-04 $BCf(B window.dialogArguments $B$,%/%m%9%I%a%$%s$GFI$_
MFSA 2010-03 $B:G9b(B HTML $B%Q!<%5$N8m$C$?%a%b%j2rJ|$K$h$k%/%i%C%7%e(B
MFSA 2010-02 $B:G9b(B Web $B%o!<%+!<$NG[Ns=hM}$K$*$1$k%R!<%WGKB;(B
MFSA 2010-01 $B:G9b(B $B%a%b%jGK2u$N7A@W$,$"$k%/%i%C%7%e(B (rv:1.9.1.8/1.9.0.18)

$B!!$$$:$l$b(B Firefox 3.6 $B$G$O4{$K=$@5$5$l$F$$$k!#$^$?(B MFSA 2010-01 $B$H(B MFSA 2010-03 $B$O(B Thunderbird $B$K$b1F6A$7!"(BThunderbird 3.0.2 $B$G=$@5$5$l$kM=Dj!#(B MFSA 2010-01 $B$O(B JavaScript $BL58z2=$K$h$j2sHr$G$-$k$,!"(B MFSA 2010-03 $B$O$=$&$$$&$o$1$K$O$$$+$J$$!#(B

2010.03.02 $BDI5-(B:

$B!!(BThunderbird 3.0.2 $B=P$^$7$?!#(B $B%j%j!<%9%N!<%H(B$B!#9b66$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2010.02.18

$B"#(B $BDI5-(B

Microsoft 2010 $BG/(B 2 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS10-015 $B4XO"(B:

$B"#(B 2010.02.17

$B"#(B $B!V%X%?%/%=!W(Bpixiv$B$K0U?^$;$:Cf=}%3%a%s%H!!(BCSRF$B@H
(ITmedia, 2010.02.15)

$B!!(Bpixiv $B$K(B CSRF $B7g4Y$,B8:_!"(B $B%m%0%$%s$7$?>uBV$G96N,(B URL $B$K%"%/%;%9$9$k$HCf=}%3%a%s%H$,<+F0E*$K=q$-9~$^$l$k;v7o$,H/@8!#(B $B8=:_$O=$@5$5$l$F$$$k!#(B

$B!!4XO"(B: $B!NIT6q9gJs9p!O0U?^$7$J$$:nIJ$X$N%3%a%s%H$K$D$$$F(B (pixiv $B3+H/

$B"#(B $BDI5-(B

APSB10-06: Security update available for Adobe Flash Player

$B!!(BAPSB10-06: Security update available for Adobe Flash Player $B$,(B 2010.02.12 $BIU$G2~D{$5$l$F$$$k!#=$@5:Q$N(B AIR $B$N%P!<%8%g%sHV9f$O(B 1.5.3.1930 $B$G$O$J$/(B 1.5.3.9130 $B$@$=$&$G$9!#(B

APSB10-07: Security Advisory for Adobe Reader and Acrobat

$B!!(BAPSB10-07: Security Advisory for Adobe Reader and Acrobat $B$,99?7$5$l!"(BAdobe Reader / Acrobat 9.3.1 / 8.2.1 $B%"%C%W%G!<%?!<$,8x3+$5$l$F$$$^$9!#(B2 $B$D$N7g4Y$,=$@5$5$l$F$$$^$9!#(B

$B"#(B 2010.02.16

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2010.02.15)

$B!!(B[memo:9746] $B%;%-%e%j%F%#%[!<%k(B memo: SQUID-2010_2.txt $B$N;XE&$r

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)

$B$$$m$$$m(B (2009.12.06)

$B!!(Bi$B%b!<%I(BID$B$rMQ$$$?!V$+$s$?$s%m%0%$%s!W$N(BDNS Rebinding$B@H (HASH$B%3%s%5%k%F%#%s%0(B, 2009.11.24) $B$,(B 2010.01.21 $BIU$G99?7$5$l$F$$$k!#(B

$BD{@5!J(B2010$BG/(B1$B7n(B21$BF|!K(B
$BEv=i%j%j!<%9$G!V(BFOMA$B%+!<%I@=B$HV9f$J$I$rMQ$$$F$$$k>l9g$O1F6A$rl9g$b1F6A$rl9g!"MxMQe$K3NG'2hLL$,I=<($5$l$k$N$G!"$=$3$G%f!<%6$,5q@d$9$l$P967b$K$"$o$J$$$,!"9*L/$JM6F3$J$I$K$h$j967b$5$l$l$P!"Ho32$KAx$&%f!<%6$b=P$F$/$k$H9M$($i$l$k!#(B

$B"#(B 2010.02.15

$B"#(B $B$$$m$$$m(B (2010.02.15)
(various)

2010.02.16 $BDI5-(B:

$B!!(B[memo:9746] $B%;%-%e%j%F%#%[!<%k(B memo: SQUID-2010_2.txt $B$N;XE&$r

2010.03.02 $BDI5-(B:

$B!!(BAPSB10-05: Security update available for BlazeDS (Adobe, 2010.02.11) $B$NF|K\8lHG(B: APSB10-05: BlazeDS$BMQ%;%-%e%j%F%#%"%C%W%G!<%H8x3+(B (Adobe)

$B"#(B $BDI5-(B

Renegotiating TLS

$B!!(B$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (977377) TLS/SSL $B$N@H (Microsoft, 2010.02.10)$B!#(B$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B: TLS/SSL $B$N@H (Microsoft KB 977377) $B$K<($5$l$F$$$k=$@5%W%m%0%i%`$rE,MQ$9$k$3$H$G!"(BSSL / TLS $B$N:F%M%4%7%(!<%7%g%s=hM}$rL58z$K$G$-$k!#$?$@$7!"$b$A$m$sI{:nMQ$,$"$k!#(B

$B%^%$%/%m%=%U%H$K$h$j0J2<$N%=%U%H%&%'%"$,%F%9%H$5$l!"$3$N99?7%W%m%0%i%`$r%$%s%9%H!<%k$9$k$HLdBj$,H/@8$9$k$3$H$,3NG'$5$l$F$$$^$9!#(B

* Windows 7 DirectAccess: IP HTTPS $B%$%s%?!<%U%'%$%9$,5!G=$7$^$;$s!#(B
* Exchange ActiveSync: $B%/%i%$%"%s%H>ZL@=q$NG'>Z$r;HMQ$9$k>l9g$K5!G=$7$^$;$s!#(B
* $B%$%s%?!<%M%C%H(B $B%$%s%U%)%a!<%7%g%s(B $B%5!<%S%9(B (IIS): $B$"$kZL@=q%^%C%T%s%0$N%7%J%j%*$r4^$`%/%i%$%"%s%H>ZL@=q$NG'>Z$r;HMQ$9$k(B IIS $B$,1F6A$rZL@=q$NG'>Z$O1F6A$r * Internet Explorer: $B%5%$%H5,LO$N%/%i%$%"%s%H>ZL@=q$NG'>Z$G$O$J$/!"C1$J$k%/%i%$%"%s%H>ZL@=q$NG'>Z$,I,MW$J(B Web $B%5%$%H$r;2>H$7$?>l9g!"@5>o$K@\B3$G$-$J$$$3$H$,$"$j$^$9!#(B

$B!!>e5-(B RFC $B$K4p$E$/:F

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (979682) Windows $B%+!<%M%k$N@H:3J$5$l$k(B

$B!!(BWindows$B%+!<%M%k$N(B#GP$B%H%i%C%W%O%s%I%i$N@HZ%l%]!<%H(B (NTT $B%G!<%?%;%-%e%j%F%#(B, 2010.01.18)

Claimed Zero Day exploit in Samba

$B!!(BSamba$B$N%G%#%l%/%H%j%H%i%P!<%5%k$N@HZ%l%]!<%H(B (NTT $B%G!<%?%;%-%e%j%F%#(B, 2010.02.12)

Microsoft 2010 $BG/(B 2 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS10-015 $B$N7o$G$9$,!"$I$&$d$i!"FCDj$N

  • rootkit $B$,A[Dj$7$F$$$k(B kernel $B>uBV$H(B

  • $BuBV(B (MS10-015 patch $B$K4p$E$/(B kernel $B>uBV(B)

$B$H$N4V$KIT@09g$,@8$8$F!"7k2L$H$7$F%V%k!<2hLL$K$J$k$h$&$G!#(B

$B!!$"$H!":#2s$N(B patch $B$H$$$C$7$g$K!"(BActive Directory Rights Management Services (AD RMS) $B$K4X$9$k=$@5%W%m%0%i%`$,G[I[$5$l$?$N$@$=$&$G!#(B

$B"#(B 2010.02.14

$B"#(B 2010.02.13

$B!!:#F|$O$^$C$A$c(B 139$B!#!D!D$"$!!"%O%k%R$NIqBf0';"$H$$$&$N$O!"(B$B$3$l$N$3$H(B$B$+!#(B

$B"#(B $BDI5-(B

Renegotiating TLS

$B!!(BRFC $B=P$F$^$7$?(B: RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension (IETF)

$B"#(B Major security hole in the TYPOlight install tool
(TYPOlight.org, 2009.12.19)

$B!!(BCMS $BZ$r2sHr$7$F(B database login credentials $B$d(B FTP login credentials (Safe Mode Hack $B$,M-8z$J>l9g(B) $B$rFI$_

$B!!(BTYPOlight 2.7.6 $B$G=$@5$5$l$F$$$k!#$^$?(B TYPOlight 2.4.x $B!A(B 2.7.x $BMQ$N(B patch $B$,MQ0U$5$l$F$$$k!#(B

$B"#(B 2010.02.12

$B"#(B APSB10-07: Security Advisory for Adobe Reader and Acrobat
(Adobe, 2010.02.11)

$B!!(BAdobe Reader / Acrobat 9.3 / 8.2 $B0JA0$K=EBg$J7g4Y$,$"$j!"(B 2010.02.16 ($BNc$K$h$C$F(B US $B;~4V$G$7$g$&(B) $B$K99?7HG$,8x3+$5$l$kM=Dj$@$=$&$@!#(B

2010.02.17 $BDI5-(B:

$B!!(BAPSB10-07: Security Advisory for Adobe Reader and Acrobat $B$,99?7$5$l!"(BAdobe Reader / Acrobat 9.3.1 / 8.2.1 $B%"%C%W%G!<%?!<$,8x3+$5$l$F$$$^$9!#(B2 $B$D$N7g4Y$,=$@5$5$l$F$$$^$9!#(B

2010.03.11 $BDI5-(B:

$B!!4XO"(B:

$B"#(B APSB10-06: Security update available for Adobe Flash Player
(Adobe, 2010.02.11)

$B!!(BFlash Player 10.0.45.2 / 9.0.262.0$B!"(BAIR 1.5.3.1930 1.5.3.9130 $BEP>l!#0J2<$N(B 2 $B$D$N7g4Y$,=$@5$5$l$F$$$k!#(B

2010.02.17 $BDI5-(B:

$B!!(BAPSB10-06: Security update available for Adobe Flash Player $B$,(B 2010.02.12 $BIU$G2~D{$5$l$F$$$k!#=$@5:Q$N(B AIR $B$N%P!<%8%g%sHV9f$O(B 1.5.3.1930 $B$G$O$J$/(B 1.5.3.9130 $B$@$=$&$G$9!#(B

$B"#(B Google $B%P%:(B $B$r2wE,$K$*;H$$$$$?$@$/$?$a$K(B
(Google, 2010.02.10)

$B!!(BBuzz $B4XO"(B:

$B"#(B $BDI5-(B

Microsoft 2010 $BG/(B 2 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BRestart issues after installing MS10-015 (MSRC blog, 2010.02.11)$B!"(B MS10-015$B$G:F5/F0$d%V%k!<%9%/%j!<%s$,H/@8$9$k7o$K$D$$$F(B ($BF|K\$N%;%-%e%j%F%#%A!<%`(B, 2010.02.12)

$B"#(B 2010.02.11

$B"#(B Microsoft 2010 $BG/(B 2 $B7n$N%;%-%e%j%F%#>pJs(B
(Microsoft, 2010.02.10)

$B!!M=Dj$I$*$j=P$^$7$?!#(BWindows $B$NB>!"(BOffice XP / 2003$B!"(BOffice 2004 for Mac $B$N=$@5%W%m%0%i%`(B$B$b=P$F$$$^$9!#(B ($B$"$H$GDI5-M=Dj(B)

2010.02.12 $BDI5-(B:

$B!!(BRestart issues after installing MS10-015 (MSRC blog, 2010.02.11)$B!"(B MS10-015$B$G:F5/F0$d%V%k!<%9%/%j!<%s$,H/@8$9$k7o$K$D$$$F(B ($BF|K\$N%;%-%e%j%F%#%A!<%`(B, 2010.02.12)

2010.02.15 $BDI5-(B:

$B!!(BMS10-015 $B$N7o$G$9$,!"$I$&$d$i!"FCDj$N

$B$H$N4V$KIT@09g$,@8$8$F!"7k2L$H$7$F%V%k!<2hLL$K$J$k$h$&$G!#(B

$B!!$"$H!":#2s$N(B patch $B$H$$$C$7$g$K!"(BActive Directory Rights Management Services (AD RMS) $B$K4X$9$k=$@5%W%m%0%i%`$,G[I[$5$l$?$N$@$=$&$G!#(B

2010.02.18 $BDI5-(B:

$B!!(BMS10-015 $B4XO"(B:

2010.03.01 $BDI5-(B:

$B!!$d$C$H=q$1$?!#(B

MS10-003 - $B=EMW(B: Microsoft Office (MSO) $B$N@H

$B!!(BOffice XP$B!"(BOffice 2004 for Mac $B$K7g4Y!#(B MSO.DLL $B$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(B $B96N,(B Office $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2010-0243$B!#(B Exploitability Index: 1

MS10-004 - $B=EMW(B: Microsoft Office PowerPoint $B$N@H

$B!!(BPowerPoint 2002 (XP) / 2003$B!"(BPowerPoint 2003 Viewer$B!"(BOffice 2004 for Mac $B$K(B 6 $B$D$N7g4Y!#(B

  • PowerPoint $B$N%U%!%$%k(B $B%Q%9$N=hM}$N%P%C%U%!!<(B $B%*!<%P!<%U%m!<$N@HCVE-2010-0029

    Exploitability Index: 2

  • PowerPoint $B$N(B LinkedSlideAtom $B$N%R!<%W(B $B%*!<%P!<%U%m!<$N@HCVE-2010-0030

    Exploitability Index: 1

  • PowerPoint $B$N(B OEPlaceholderAtom 'placementId' $B$NL58z$JG[Ns$N%$%s%G%C%/%9$N@HCVE-2010-0031

    Exploitability Index: 1

  • PowerPoint $B$N(B OEPlaceholderAtom $B$N(B Use After Free $B$N@HCVE-2010-0032

    Exploitability Index: 1

  • PowerPoint Viewer $B$N(B TextBytesAtom $B%l%3!<%I$N%9%?%C%/(B $B%*!<%P!<%U%m!<$N@HCVE-2010-0033

    Exploitability Index: 1$B!#1F6A$9$k$N$O(B PowerPoint Viewer 2003 $B$N$_!#(B

  • Office PowerPoint Viewer $B$N(B TextCharsAtom $B%l%3!<%I$N%9%?%C%/(B $B%*!<%P!<%U%m!<$N@HCVE-2010-0034

    Exploitability Index: 1$B!#1F6A$9$k$N$O(B PowerPoint Viewer 2003 $B$N$_!#(B

$B!!(BPowerPoint 2003 Viewer $B$K$D$$$F$O!"%"%s%$%s%9%H!<%k$7$?>e$G(B PowerPoint 2007 Viewer $B$K0\9T$9$k!#(B $B$G$b$3$N%Z!<%8!"(BPowerPoint 2007 Viewer SP2 $B$,%j%s%/$5$l$F$J$$!#(B

MS10-005 - $B7Y9p(B: Microsoft $B%Z%$%s%H$N@H

$B!!(BWindows 2000 / XP / Server 2003 $B$K7g4Y!#IUB0$9$k(B Microsoft $B%Z%$%s%H$K(B integer overflow $B$9$k7g4Y$,$"$j!"96N,(B JPEG $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2010-0028$B!#(BExploitability Index: 2

MS10-006 - $B6[5^(B: SMB $B%/%i%$%"%s%H$N@H

$B!!(BWindows $B$N(B SMB $B%/%i%$%"%s%H

  • SMB $B%/%i%$%"%s%H$N%W!<%kGKB;$N@HCVE-2010-0016

    Windows 2000 / XP / Server 2003 $B$K7g4Y!#(B SMB $B%/%i%$%"%s%HZ$GG$0U$N%3!<%I$r

  • SMB $B%/%i%$%"%s%H$N6%9g>uBV$N@HCVE-2010-0017

    Windows Vista / Server 2008 / 7 / Server 2008 R2 $B$K7g4Y!#(B SMB $B%M%4%7%(!<%7%g%s=hM}$K7g4Y$,$"$j!"(B

    • Windows Vista / Server 2008 $B$G$O!"(Blocal user $B$K$h$k8"8B>e>:$,2DG=!#(B

    • Windows 7 / Server 2008 R2 $B$G$O!"(Bremote $B$+$i$NG$0U$N%3!<%I$N

    Exploitability Index: 1

$B!!4XO"(B:

MS10-007 - $B6[5^(B: Windows Shell $B%O%s%I%i!<(B $B$N@H

$B!!(BWindows 2000 / XP / Server 2003 $B$K7g4Y!#(BShellExecute() $B$NCVE-2010-0027$B!#(B Exploitability Index: 1

$B!!4XO"(B:

MS10-008 - $B6[5^(B: ActiveX $B$N(B Kill Bit $B$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (978262)

$B!!(BWindows 2000 / XP / Server 2003 / Vista / Server 2008 / 7 / Server 2008 R2 $B$K7g4Y!#(B Microsoft Data Analyzer (max3activex.dll) $B$N(B ActiveX $B%3%s%H%m!<%k$K7g4Y!"(B remote $B$+$iG$0U$N%3!<%I$rCVE-2010-0252

$B!!(BExploitability Index $B$O8x3+$5$l$F$$$J$$$,!"(BWindows 2000 / XP $B$G$O!V6[5^!W$H$5$l$F$$$k!#(B

$B!!$3$NB>$K!"(B3rd party $B@=$N$b$N(B x 4$B!#(B

MS10-009 - $B6[5^(B: Windows TCP/IP $B$N@H

$B!!(BWindows Vista / Server 2008 $B$K(B 4 $B$D$N7g4Y!#(B

  • ICMPv6 $B$N%k!<%?!<(B $B%"%I%P%?%$%:$N@HCVE-2010-0239

    TCP/IP $B%9%?%C%/$K7g4Y$,$"$j!"(B $B96N,(B ICMPv6 $B%k!<%?!<(B $B%"%I%P%?%$%:(B $B%Q%1%C%H$K$h$C$F!"(Bremote $B$+$iG$0U$N%3!<%I$r

  • $B%X%C%@!<$N(B MDL $BCGJR2=$N@HCVE-2010-0240

    UDP $B%G!<%?%0%i%`(B $B%U%i%0%a%s%H>e$N(B ESP $B$N=hM}$K7g4Y$,$"$j!"(B $B96N,(B ESP $B$K$h$C$F(B remote $B$+$iG$0U$N%3!<%I$r

  • ICMPv6 $B$N%k!<%H>pJs$N@HCVE-2010-0241

    TCP/IP $B%9%?%C%/$K7g4Y$,$"$j!"(B $B96N,(B ICMPv6 $B%k!<%H>pJs%Q%1%C%H$K$h$C$F!"(Bremote $B$+$iG$0U$N%3!<%I$r

  • TCP/IP $B$NA*Br7?1~Ez3NG'$N@HCVE-2010-0242

    TCP/IP $B%9%?%C%/$K7g4Y$,$"$j!"(B $B96N,(B SACK $B$K$h$C$F(B DoS $B967b$r

MS10-010 - $B=EMW(B: Windows Server 2008 Hyper-V $B$N@H

$B!!(BWindows Server 2008 Hyper-V / Server 2008 R2 Hyper-V $B$K7g4Y!#(B $B%2%9%H2>A[%^%7%s$+$iFCDj$NL?NaNs$rCVE-2010-0026$B!#(B Exploitability Index: 3

MS10-011 - $B=EMW(B: Windows $B%/%i%$%"%s%H(B/$B%5!<%P!<(B $B%i%s%?%$%`(B $B%5%V%7%9%F%`$N@H:3J$5$l$k(B (978037)

$B!!(BWindows 2000 / XP / Server 2003 $B$K7g4Y!#(BWindows $B%/%i%$%"%s%H(B/$B%5!<%P!<(B $B%i%s%?%$%`(B $B%5%V%7%9%F%`(B (CSRSS) $B$K7g4Y$,$"$j!"(Blocal user $B$K$h$k8"8B>e>:$,2DG=$H$J$k!#(BCVE-2010-0023$B!#(B Exploitability Index: 1

MS10-012 - $B=EMW(B: SMB $B%5!<%P!<$N@H

$B!!(BWindows 2000 / XP / Server 2003 / Vista / Server 2008 / 7 / Server 2008 R2 $B$K(B 4 $B$D$N7g4Y!#(B

  • SMB $B$N%Q%9L>$N%*!<%P!<%U%m!<$N@HCVE-2010-0020

    SMB $B%Q%1%C%H$N=hM}$K7g4Y$,$"$j!"(Bremote $B$+$iG$0U$N%3!<%I$rZ$rFMGK$9$kI,MW$,$"$k!#(B Exploitability Index: 2

  • SMB $B$N%a%b%j$NGKB;$N@HCVE-2010-0021

    SMB $B%Q%1%C%H$N=hM}$K7g4Y$,$"$j!"(Bremote $B$+$i(B DoS $B967b$r

  • SMB $B$N(B Null $B%]%$%s%?!<$N@HCVE-2010-0022

    SMB $B%Q%1%C%H$N=hM}$K7g4Y$,$"$j!"(Bremote $B$+$i(B DoS $B967b$r

  • SMB $B$N(B NTLM $BG'>Z$N%(%s%H%m%TITB-$N@HCVE-2010-0231

    SMB $B%Q%1%C%H$N=hM}$K7g4Y$,$"$j!"(Bremote $B$+$iG$0U$N%3!<%I$r

MS10-013 - $B6[5^(B: Microsoft DirectShow $B$N@H

$B!!(BWindows 2000 / XP / Server 2003 / Vista / Server 2008 / 7 / Server 2008 R2 $B$K7g4Y!#(BDirectShow $B$K(B heap overflow $B$9$k7g4Y$,$"$j!"96N,(B AVI $B%U%!%$%k$r3+$/$HG$0U$N%3!<%I$,CVE-2010-0250$B!#(BExploitability Index: 1

MS10-014 - $B=EMW(B: Kerberos $B$N@H

$B!!(BWindows 2000 Server / Server 2003 / Server 2008 $B$K7g4Y!#(B Kerberos $B$N(B Key Distribution Center (KDC) $B$K7g4Y$,$"$j!"(B Windows $B$G$O$J$$(B ($BNc(B: UNIX $B$N(B) Kerberos realm $B$H$N4V$G?.Mj4X78$r7k$s$G$$$?>l9g$K!":Y9)$7$?(B Ticket Granting Ticket (TGT) $B99?7%j%/%(%9%H$rAw$k$3$H$G(B NULL pointer dereference $B$,H/@8!"(B KDC $B$,1~Ez$rDd;_$9$k$?$a(B DoS $B967b$,@.N)!#(B Windows Server 2008 R2 $B$K$O$3$N7g4Y$O$J$$!#(B CVE-2010-0035$B!#(B Exploitability Index: 3

MS10-015 - $B=EMW(B: Windows $B%+!<%M%k$N@H:3J$5$l$k(B (977165)

$B!!(BWindows 2000 / XP / Server 2003 / Vista / Server 2008 / 7 $B$K(B 2 $B$D$N7g4Y!#(B

  • Windows $B%+!<%M%k$NNc30%O%s%I%i!<$N@HCVE-2010-0232

    32bit $BHG$N(B Windows 2000 / XP / Server 2003 / Vista / Server 2008 / 7 $B$K7g4Y!#(B$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (979682) Windows $B%+!<%M%k$N@H:3J$5$l$k(B $B$N7o!#(B64bit $BHG$K$O$3$N7g4Y$O$J$$!#(BExploitability Index: 1

  • Windows $B%+!<%M%k$N%@%V%k(B $B%U%j!<$N@HCVE-2010-0233

    64bit $BHG$r4^$`!"(BWindows 2000 / XP / Server 2003 / Vista / Server 2008 $B$K7g4Y!#(BWindows $B%+!<%M%k$KFs=E%U%j!<$9$k7g4Y$,$"$j!"96N,%W%m%0%i%`$K$h$C$FG$0U$N%3!<%I$r

$B!!FCDj$N

2010.03.03 $BDI5-(B:

$B!!(BMS10-015 - $B=EMW(B: Windows $B%+!<%M%k$N@H:3J$5$l$k(B (977165) $B$,2~D{$5$l$^$7$?!#?7$7$$(B patch $B$,EP>l$7$F$$$^$9!#(B

$B$J$<$3$N%;%-%e%j%F%#>pJs$O(B 2010 $BG/(B 3 $B7n(B 3 $BF|$K99?7$5$l$?$N$G$9$+(B?
$B%^%$%/%m%=%U%H$O$3$N%;%-%e%j%F%#>pJs$r99?7$7!"(BWindows Update $B>e$G(B MS10-015 $B$N%;%-%e%j%F%#99?7%W%m%0%i%`$N2~D{HG%Q%C%1!<%8$NDs6!$r3+;O$7$?$3$H$r$*CN$i$;$7$^$7$?!#$3$N2~D{$O!"%Q%C%1!<%8$N%$%s%9%H!<%k(B $B%m%8%C%/$NJQ99$N$?$a$K9T$o$l$?$b$N$G!"FCDj$N0[>o$J>uBV$,%7%9%F%`$KB8:_$9$k>l9g$K$O%;%-%e%j%F%#99?7%W%m%0%i%`$,%$%s%9%H!<%k$5$l$J$$$h$&$K$7$^$9!#(B $B$3$l$i$N%7%9%F%`$N0[>o$J>uBV$O!"%3%s%T%e!<%?!<(B $B%&%$%k%9$X$N46@w$K$h$k$b$N$G$"$k$H9M$($i$l!"%*%Z%l!<%F%#%s%0(B $B%7%9%F%`$N%U%!%$%k$r2~$6$s$5$l$k$3$H$G!"46@w$7$?%3%s%T%e!<%?!<$O(B MS10-015 $B$N%;%-%e%j%F%#99?7%W%m%0%i%`$H8_49@-$N$J$$>uBV$K$J$j$^$9!#$^$?!">l9g$K$h$C$F!"%&%$%k%9$K46@w$7$?%3%s%T%e!<%?!<>e$K%;%-%e%j%F%#99?7%W%m%0%i%`(B MS10-015 $B$r%$%s%9%H!<%k$9$k$H!"%3%s%T%e!<%?!<$,:F5/F0$r7+$jJV$7$^$9!#$3$N8=>]$K4X$9$k>\:Y>pJs$O!"(B$B$3$A$i$N(B Web $B%5%$%H(B ($B1Q8l>pJs(B) $B$r$4Mw$/$@$5$$!#$3$l$O!"(BWindows Update $B$GG[I[$5$l$k99?7%W%m%0%i%`(B $B%Q%C%1!<%8$N%$%s%9%H!<%k(B $B%m%8%C%/$N$_$NJQ99$G!"%;%-%e%j%F%#99?7%W%m%0%i%`$N%P%$%J%j$^$?$O(B Windows Update $B$N8!=P%m%8%C%/$KBP$9$kJQ99$O$"$j$^$;$s!#%^%$%/%m%=%U%H(B $B%@%&%s%m!<%I(B $B%;%s%?!<$h$jDs6!$7$F$$$k%;%-%e%j%F%#99?7%W%m%0%i%`$K$OJQ99$O$J$/!"$3$N?7$?$J%Q%C%1!<%8(B $B%$%s%9%H!<%k(B $B%m%8%C%/$O4^$^$l$F$$$^$;$s!#$9$G$K%7%9%F%`$r99?7:Q$_$N$*5RMM!"<+F099?7$rM-8z$K$7$F$$$k$*5RMM$OFCJL$JAl9g$O!"$G$-$k8B$jAa$$;~4|$K$3$N%;%-%e%j%F%#99?7%W%m%0%i%`$rE,MQ$9$k$3$H$r8!F$$7$F$/$@$5$$!#(B

$B!!(BHow to determine whether a computer is compatible with security update 977165 (Microsoft KB 980966) $B$b;2>H!#(Bpatch $B$rE,MQ$G$-$k$+H]$+$rH=CG$9$k$?$a$N(B Microsoft Fix it $B$d!"%A%'%C%/%D!<%k(B MpSysChk.exe $B$,8x3+$5$l$F$$$k!#(B

$B"#(B $B$$$m$$$m(B (2010.02.11)
(various)

$B"#(B $BDI5-(B

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)

$B!!4XO"(B:

$B$$$m$$$m(B (2009.10.29)

$B!!(BVMSA-2009-0015 / CVE-2009-3733 $B4XO"(B:

  • VM Stealing: The Nmap way (CVE-2009-3733 exploit) (skullsecurity.org, 2009.02.10)

    This is a vulnerability in the VMWare management interface, which is a Web server. All you have to do is add a bunch of "../" sequences to the URL, and give it your chosen path, and it'll let you grab any file on the filesystem. I'm not kidding, but I wish I was. You can even do the classic: https://x.x.x.x/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd

    Nmap $B%9%/%j%W%H$,7G:\$5$l$F$$$k!#(B

  • Datacenters and Directory Traversals (SANS ISC, 2010.02.10)

Please read: Security Issue on AMO

$B!!(BSothink Web Video Downloader 4.0 $B$N7o$O8m8!=P$@$C$?$=$&$G(B: Firefox$BMQ%"%I%*%s$K%H%m%$$NLZGO!"(B1$B (Internet Watch, 2010.02.10)$B!#(BMaster Filer $B$O8m8!=P$G$O$J$$LOMM!#(B

FTP $B%"%+%&%s%H>pJs$rEp$`%^%k%&%(%"$K4X$9$kCm0U4-5/(B

$B!!(BWinSCP $B$G$9$,!"(B4.2.4 beta $B0J9_$G$O%^%9%?!<%Q%9%o!<%I5!G=$KBP1~$7$F$$$^$9!#:G?7HG$O(B 4.2.5 $B$G$9!#(B

$B!!(BEmFTP $B$K$D$$$F$O%Y%s%@!<$+$i0FFb$,=P$F$^$7$?(B: EmFTP $BK\BN(B : $B%^%k%&%'%"(B (Gumblar $B$J$I(B) $B$K$4Cm0U$/$@$5$$(B (emftp.com, 2010.02.04)

EmFTP $B$N%"%+%&%s%H>pJs$O%l%8%9%H%jFb$K4^$^$l$F$*$jC/$G$b4JC1$K3NG'$9$k$3$H$,$G$-$^$9$,!"%"%+%&%s%H>pJs$NCf$N%Q%9%o!<%I$O!"%m%0%*%s$7$F$$$k(B Windows $B%"%+%&%s%H$N>pJs$r$b$H$K0E9f2=$5$l$F$$$^$9!#$3$N0E9f2=$K$O!"(BWindows API $B$r;HMQ$7$F$*$j!"%"%+%&%s%H;HMQpJs$,ITL@$JE@!"$5$i$K:#8e%^%k%&%(%"$,JQ2=$7!"%"%+%&%s%H@`]$H$J$k>pJs$,JQ2=$9$k2DG=@-$b$"$k$?$a!"(BEmFTP $B$K$O%Q%9%o!<%I$rJ]B8$;$:$K!"%m%0%*%s$N$?$S$K%Q%9%o!<%I$rF~NO$9$k$3$H$r?d>)$7$^$9!#(B

$B!!(BSmartFTP $B$K$O%^%9%?!<%Q%9%o!<%I5!G=$O$J$$$_$?$$(B: Enhancement Requests: Encryption of saved passwords / favourites (smartftp.com, 2009.12.21)

$B"#(B 2010.02.10

$B"#(B $BDI5-(B

FTP $B%"%+%&%s%H>pJs$rEp$`%^%k%&%(%"$K4X$9$kCm0U4-5/(B

$B!!(BFFFTP 1.97a $B$,8x3+$5$l$F$$$^$9!#(BShima $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B $B%^%9%?!<%Q%9%o!<%I5!G=$,DI2C$5$l$^$7$?!#(B

$B!!(BFileZilla $B$K$b%^%9%?!<%Q%9%o!<%I5!G=$,$[$7$$$H$$$&?M$O!"(BTicket #2935 (closed Feature request: rejected): Support for optional Master Password for sitemanager.xml (FileZilla) $B$r;2>H!"$H$$$&$3$H$G!#$d$k5$$J$5$2!#(B

$B!!(BExplzh for Windows 5.58 $B$K$b%^%9%?!<%Q%9%o!<%I5!G=$,Ec:\$5$l$^$7$?!#$i$`$8$#$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2010.02.09

$B"#(B Claimed Zero Day exploit in Samba
(Samba.org, 2010.02.05)

$B!!;EMM$G$9!#(BCVE-2010-0787

This is by design, as applications running on UNIX clients may have good reasons to create symlinks anywhere on the filesystem they have write access that point to local files (such as /etc/passwd).

$B!!$3$N;EMM$,LdBj$@$H9M$($k>l9g$O(B wide links = no $B$9$l$P$h$$$=$&$G!#(B

2010.02.15 $BDI5-(B:

$B!!(BSamba$B$N%G%#%l%/%H%j%H%i%P!<%5%k$N@HZ%l%]!<%H(B (NTT $B%G!<%?%;%-%e%j%F%#(B, 2010.02.12)

2010.03.03 $BDI5-(B:

$B!!(Bsamba 3.5.0 $B$G$O%G%U%)%k%H$G(B wide links = no $B$H$J$C$F$$$k$=$&$G$9!#(B

$B"#(B Adobe$B$,(BFlash Player$B$N@H
(ITmedia, 2010.02.09)

$B!!85$M$?(B: Flash Bug Report (Emmy Huang, 2010.02.06)$B!#7k6I(B Flash Player 10.1 $BBT$A$N$h$&$G!#(B

$B"#(B $B%*%i%/%k$N(BAP$B%5!<%P!V(BWebLogic$B!W$K?<9o$J@H
(ComputerWorld.jp, 2010.02.08)

$B!!$3$N7o(B:

  • Oracle Security Alert for CVE-2010-0073 (Oracle, 2010.02.04)$B!#(BWebLogic Server 7.x $B!A(B 10.x $B$K7g4Y!#(B Node Manager $B$K7g4Y$,$"$j!"(Bremote $B$+$iL5G'>Z$G%3%^%s%I$rCVE-2010-0073

    $B%P!<%8%g%s(B $B%W%i%C%H%[!<%`(B CVSS Base Score
    WebLogic Server 9.0 $B0J9_(B Windows $BHG(B 10.0
    Linux / Unix $B$J$I!"$=$NB>HG(B 7.5
    WebLogic Server 7.0 / 8.1 $BA4$F(B 5.0

    $B$J$<(B Windows $BHG$H$=$NB>HG$H$G(B CVSS Base Score $B$,0[$J$k$N$+$O$h$/$o$+$i$J$$$1$I!D!D!#(B

  • Oracle Weblogic 10.3.2 Node Manager fun (Intevydis blog, 2010.01.23)$B!#(B $B

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#$^$?(B Node Manager $B%]!<%H$X$N%"%/%;%9$r@)8B$9$k$3$H$G!"6<0R$rDc8:$G$-$k!#(B

$B"#(B 2010.02.08

$B"#(B 2010.02.07

$B"#(B $BDI5-(B

FTP $B%"%+%&%s%H>pJs$rEp$`%^%k%&%(%"$K4X$9$kCm0U4-5/(B

$B!!(B$B!V%,%s%V%i!<967b!WBP>]%=%U%H$r(BJPCERT$B$,3NG'!A%5%$%H4IM} (so-net $B%;%-%e%j%F%#DL?.(B, 2010.02.05)

$B"#(B Please read: Security Issue on AMO
(mozilla add-ons blog, 2010.02.04)

$B!!(BFirefox $BMQ$N%"%I%*%s!"(BSothink Web Video Downloader 4.0$B!"$*$h$S(B Master Filer $B$NA4%P!<%8%g%s$K!"%H%m%$$NLZGO$,H/8+$5$l$?OC!#(B

  • Sothink Web Video Downloader 4.0: Win32.LdPinch.gen

  • Master Filer: in32.Bifrose.32.Bifrose

$B!!>e5-%"%I%*%s$O(B addons.mozilla.org (AMO) $B$+$i:o=|$5$l$?!#(B $B$J$*!"(BSothink Web Video Downloader > 4.0 $B$K$O$3$N7g4Y$O$J$$!#(B

$B!!4XO"(B: Firefox Add-ons Infected (ESET Threat Blog, 2010.02.05)

2010.02.11 $BDI5-(B:

$B!!(BSothink Web Video Downloader 4.0 $B$N7o$O8m8!=P$@$C$?$=$&$G(B: Firefox$BMQ%"%I%*%s$K%H%m%$$NLZGO!"(B1$B (Internet Watch, 2010.02.10)$B!#(BMaster Filer $B$O8m8!=P$G$O$J$$LOMM!#(B

$B"#(B 2010.02.05

$B"#(B $B$$$m$$$m(B (2010.02.05)
(various)

$B"#(B $BDI5-(B

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (980088) Internet Explorer $B$N@HpJsO3$($$$,5/$3$k(B

$B!!85$M$?$O$3$l$i$7$$(B: CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities (CORE Security, 2010.02.03)$B!#(B CVE-2010-0255 CVE-2010-0555$B!#(B CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass (CVE-2008-1448$B!"(BMS08-048) $B$H(B CORE-2008-0826: Internet Explorer Security Zone restrictions bypass (CVE-2009-1140$B!"(BMS09-019 $B$N%P%j%(!<%7%g%s$@$H@bL@$5$l$F$$$k!#(B 2009-04-17 $B$+$i$O$8$^$k%?%$%`%i%$%s$,5-$5$l$F$$$k!#(B

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#>pJs$N;vA0DLCN(B - 2010 $BG/(B 2 $B7n(B
(Microsoft, 2010.02.05)

$B!!$&$o$C!"$b$&$=$s$J5(@a$G$9$+!#6[5^(B x 5$B!"=EMW(B x 7$B!"7Y9p(B x 1$B!#(B $BFbMF$O!"(BWindows x 11$B!"(BOffice x 2$B!#(B

$B!!(BFebruary 2010 Bulletin Release Advance Notification (MSRC blog, 2010.02.04) $B$K$h$k$H!"(B

$B$@$=$&$G$9!#$"$H!"(B

  • Windows XP SP2 $B$N%5%]!<%H$O(B 2010.07.13 $B$G=*N;$9$k$+$i(B SP3 $B$rEv$F$k$+(B Windows 7 $B$K0\9T$7$F$M(B

  • Windows Vista gold (= RTM$B!"(BSP $B$J$7(B) $B$N%5%]!<%H$O(B 2010.04.13 $B$G=*N;$9$k$+$i(B SP2 $B$rEv$F$k$+(B Windows 7 $B$K0\9T$7$F$M(B

  • Windows 2000 $B$N%5%]!<%H$O(B 2010.07.13 $B$G=*N;$9$k$+$i3P8g$7$F$M(B

$B$H!#(B

$B"#(B 2010.02.04

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (980088) Internet Explorer $B$N@HpJsO3$($$$,5/$3$k(B
(Microsoft, 2010.02.04)

$B!!(BIE 5.01 / 6 / 7 / 8 $B$K7g4Y!#96N,(B Web $B%5!<%P$K%"%/%;%9$9$k$H!"4{CN%Q%9L>$N%U%!%$%k$r

$B!!(Bpatch $B$O$^$@$J$$!#2sHr:v(B / $B4KOB:v$O!"(B

  • Windows Vista / Server 2008 / 7 / Server 2008 R2 $B$G$O!"(B Internet Explorer $B$NJ]8n%b!<%I(B $B$r;HMQ$9$k(B ($B%G%U%)%k%HM-8z(B)

  • $BJ]8n%b!<%I$rMxMQ$G$-$J$$4D6-$G$O!"(B KB 980088 $B$K1d$Y$i$l$F$$$k(B Microsoft Fixit $B$r;HMQ$9$k!#(B (file: $B%W%m%H%3%k$N%m%C%/%@%&%s(B)

  • $B$"$H$O!"(BJavaScript $BL58z2=$H$+(B ActiveX $BL58z2=$H$+$=$&$$$&7O!#(B

$B!!(BBlack Hat $B$M$?$J$N$@$=$&$G(B: $BJF%^%$%/%m%=%U%H$N%V%i%&%6$K?7$?$J@H (AFPBB, 2010.02.04)$B!#(B

2010.02.05 $BDI5-(B:

$B!!85$M$?$O$3$l$i$7$$(B: CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities (CORE Security, 2010.02.03)$B!#(B CVE-2010-0255 CVE-2010-0555$B!#(B CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass (CVE-2008-1448$B!"(BMS08-048) $B$H(B CORE-2008-0826: Internet Explorer Security Zone restrictions bypass (CVE-2009-1140$B!"(BMS09-019 $B$N%P%j%(!<%7%g%s$@$H@bL@$5$l$F$$$k!#(B 2009-04-17 $B$+$i$O$8$^$k%?%$%`%i%$%s$,5-$5$l$F$$$k!#(B

$B"#(B Apache$B!"(B1.3$B7O:G8e$H$J$k!V(BApache HTTP Server 1.3.42$B!W%j%j!<%9(B
(sourceforge.jp, 2010.02.04)

$B!!(BApache 1.3 $B:G=*HG$@$=$&$G$9!#(Biida $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

1.3.42$B$O!"%P!<%8%g%s(B1.3$B7O$G:G8e$N%j%j!<%9$H$J$k!#:#8e$O%U%k%j%j!<%9$N8x3+$O$;$:!"=EMW$J%;%-%e%j%F%#99?7$N$_$r8x3+$9$k!#(B

$B!!$=$N$&$A!V(B$B%U%!%$%J%k!&%+%C%H(B$B!W$,=P$k$K$A$,$$$J$$!#(B

$B"#(B $BDI5-(B

FTP $B%"%+%&%s%H>pJs$rEp$`%^%k%&%(%"$K4X$9$kCm0U4-5/(B

$B!!8=;~E@$K$*$$$FCN$i$l$F$$$k%^%k%&%'%"$G$O!"(BOpera $B$G!V%^%9%?!<%Q%9%o!<%I5!G=!W$rM-8z$K$7$F$$$l$P!"%Q%9%o!<%I$OO31L$7$J$$$=$&$G$9!#$7$+$7%f!<%6L>$d@\B3@h$OO31L$7$F$7$^$&$=$&$G$9!#(B $B$3$l$O!"(BOpera$B$N(BWand$B$r2r@O$9$k%=%U%H(B ($B%=!<%9$"$j(B) (by edvakf in hatena, 2008.07.24) $B$G>R2p$5$l$F$$$k%=%U%H$HF1MM$N5sF0$N$h$&$K8+$($^$9!#(B

$B!!$^$?!"8=;~E@$K$*$$$FCN$i$l$F$$$k%^%k%&%'%"$O!"(BIE 7 $B$d(B IE 8 $B$O!V%"%+%&%s%H@`IE PassView (NirSoft) $B$O(B IE 7 / 8 $B$K$bBP1~$7$F$$$^$9$+$i!"%^%k%&%'%"$,?J2=$9$k$N$O;~4V$NLdBj$N$h$&$K;W$$$^$9!#$A$J$_$K!"(BPasswordFox (NirSoft) $B$H$$$&;PKeIJ$b$"$j$^$9$+$i!"(BFirefox $B$J$i0B?4$J$I$H$$$&88A[$r;}$D$N$O$d$a$^$7$g$&!#(B

$B!!$H$$$&$o$1$G!V%^%9%?!<%Q%9%o!<%I5!G=!W$O!"8=;~E@$G$OM-8z$J7Z8::v$G$O$"$j$^$9!#(B $B$7$+$7$=$l$K0B?4$;$:$K!"%^%k%&%'%"$KXm$i$J$$$?$a$NBP=h(B (OS / $B%"%W%j$N99?7$H!"%;%-%e%"$J@_Dj!&1?MQ(B) $B$r9T$$$^$7$g$&!#(B

$B"#(B Twitter$B!"0lIt%f!<%6!<$N%Q%9%o!<%I$r%j%;%C%H$7$?7o$G>\:Y$r@bL@(B
(CNET, 2010.02.04)

$B!!6=L#?<$$$J$"!#(B

$B!!$"$k?MJ*$,2a5n?tG/4V$K$o$?$j!"%m%0%$%s$H%Q%9%o!<%I$,I,MW$J(BTorrent$B%5%$%H$H%U%)!<%i%`$r9=C[$7$F$-$?$3$H$,!"(BTwitter$B$ND4::$K$h$jH=L@$7$?!#$3$N?MJ*$O$=$N8e!"9=C[$7$?%5%$%H$H%U%)!<%i%`$r!"(BTorrent$B%@%&%s%m!<%I%5%$%H$rFH<+$K;O$a$?$$$H$$$&J#?t$N?MJ*$KGd5Q$7$?$H$$$&!#(B
$B!!9XF~!"EE;R%a!<%k$N%"%I%l%9!"%Q%9%o!<%I$K%"%/%;%9$7$?!W(B
$B!!$3$N967b$K$D$$$F(BTwitter$BB&$,7Y2|$r;O$a$?$-$C$+$1$O!"0[>o$K%U%)%m%o!

$B"#(B 2010.02.03

$B"#(B Wordpress injection attack and $B!H(Baffiliate ping-pong$B!I(B
(Sophos, 2010.02.02)

$B!!I,MW$OH/L@$NJl!#A4$F$O6b$N$?$a!#(B

$B"#(B About the security content of iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch
(Apple, 2010.02.02)

$B!!(BiPhone OS 3.1.3 / iPhone OS 3.1.3 for iPod touch $BEP>l!#(B $BG$0U$N%3!<%I$N7$/$b$N$b4^$a$F!"(B5 $B$D$N7g4Y$,=$@5$5$l$F$$$k!#(B

$B"#(B FTP $B%"%+%&%s%H>pJs$rEp$`%^%k%&%(%"$K4X$9$kCm0U4-5/(B
(JPCERT/CC, 2010.02.03)

$B!!(BFTP$B%/%i%$%"%s%H$N%"%+%&%s%H>pJs$rEp$`%^%k%&%'%"$KCm0U(B (slashdot.jp, 2010.02.01) $B$J$I$GOCBj$K$J$C$F$$$?7o$K4X$9$kJq3gE*$JCm0U4-5/$,=P$^$7$?!#8=:_BP>]$H$J$C$F$$$k$N$O(B FFFTP $B$d(B FileZilla $B$@$1$G$O$J$$LOMM(B:

$BK\967b$K;HMQ$5$l$F$$$k%^%k%&%(%"$K46@w$9$k$H!"%f!<%6$N%3%s%T%e!<%?Fb$KJ]B8$5$l$F$$$k%"%+%&%s%H>pJs$,FI$_pJs$NAw?.$r3NG'$7$^$7$?!#(B

- ALFTP 5.2 beta1
- BulletPloof FTP Client 2009.72.0.64
- EmFTP 2.02.2
- FFFTP 1.96d
- FileZilla 3.3.1
- FlashFXP 3.6
- Frigate 3.36
- FTP Commander 8
- FTP Navigator 7.77
- FTP Now 2.6.93
- FTP Rush 1.1b
- SmartFTP 4.0.1072.0
- Total Commander 7.50a
- UltraFXP 1.07
- WinSCP 4.2.5

$B!!(BWinSCP $B$,4^$^$l$F$$$kE@$,=EMW$G$9$+$M!#%^%k%&%'%"$K$h$C$F!V%f!<%6$N%3%s%T%e!<%?Fb$KJ]B8$5$l$F$$$k%"%+%&%s%H>pJs$,FI$_

$B!!$5$i$K!"(B

$B>e5-$K2C$($F!"0J2<$N(B Web $B%V%i%&%6$N%"%+%&%s%H4IM}5!G=$rMQ$$$FJ]B8$5$l$F$$$k>pJs$r%^%k%&%(%"$,@`
- Microsoft$B (Internet Explore 7 $B$*$h$S(B 8 $B$G$O%"%+%&%s%H@` - Opera$B

$B!!!V%^%9%?!<%Q%9%o!<%I5!G=!W$,M-8z$J>l9g$G$bBLL\$J$N$+!"$I$&$J$N$+!D!D!#(B $B%-!<%m%,!<$H7k9g$7$F$$$?$j$9$k$HBLL\$@$m$&$7$J$"!#(B

$B!!$^$!!"Xm$i$J$$$3$H$,:GBg$NKI8f$J$N$G!"(BOS / $B%"%W%j$N99?7$H!"%;%-%e%"$J@_Dj!&1?MQ$r!#(B

2010.02.04 $BDI5-(B:

$B!!8=;~E@$K$*$$$FCN$i$l$F$$$k%^%k%&%'%"$G$O!"(BOpera $B$G!V%^%9%?!<%Q%9%o!<%I5!G=!W$rM-8z$K$7$F$$$l$P!"%Q%9%o!<%I$OO31L$7$J$$$=$&$G$9!#$7$+$7%f!<%6L>$d@\B3@h$OO31L$7$F$7$^$&$=$&$G$9!#(B $B$3$l$O!"(BOpera$B$N(BWand$B$r2r@O$9$k%=%U%H(B ($B%=!<%9$"$j(B) (by edvakf in hatena, 2008.07.24) $B$G>R2p$5$l$F$$$k%=%U%H$HF1MM$N5sF0$N$h$&$K8+$($^$9!#(B

$B!!$^$?!"8=;~E@$K$*$$$FCN$i$l$F$$$k%^%k%&%'%"$O!"(BIE 7 $B$d(B IE 8 $B$O!V%"%+%&%s%H@`IE PassView (NirSoft) $B$O(B IE 7 / 8 $B$K$bBP1~$7$F$$$^$9$+$i!"%^%k%&%'%"$,?J2=$9$k$N$O;~4V$NLdBj$N$h$&$K;W$$$^$9!#$A$J$_$K!"(BPasswordFox (NirSoft) $B$H$$$&;PKeIJ$b$"$j$^$9$+$i!"(BFirefox $B$J$i0B?4$J$I$H$$$&88A[$r;}$D$N$O$d$a$^$7$g$&!#(B

$B!!$H$$$&$o$1$G!V%^%9%?!<%Q%9%o!<%I5!G=!W$O!"8=;~E@$G$OM-8z$J7Z8::v$G$O$"$j$^$9!#(B $B$7$+$7$=$l$K0B?4$;$:$K!"%^%k%&%'%"$KXm$i$J$$$?$a$NBP=h(B (OS / $B%"%W%j$N99?7$H!"%;%-%e%"$J@_Dj!&1?MQ(B) $B$r9T$$$^$7$g$&!#(B

2010.02.07 $BDI5-(B:

$B!!(B$B!V%,%s%V%i!<967b!WBP>]%=%U%H$r(BJPCERT$B$,3NG'!A%5%$%H4IM} (so-net $B%;%-%e%j%F%#DL?.(B, 2010.02.05)

2010.02.10 $BDI5-(B:

$B!!(BFFFTP 1.97a $B$,8x3+$5$l$F$$$^$9!#(BShima $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B $B%^%9%?!<%Q%9%o!<%I5!G=$,DI2C$5$l$^$7$?!#(B

$B!!(BFileZilla $B$K$b%^%9%?!<%Q%9%o!<%I5!G=$,$[$7$$$H$$$&?M$O!"(BTicket #2935 (closed Feature request: rejected): Support for optional Master Password for sitemanager.xml (FileZilla) $B$r;2>H!"$H$$$&$3$H$G!#$d$k5$$J$5$2!#(B

$B!!(BExplzh for Windows 5.58 $B$K$b%^%9%?!<%Q%9%o!<%I5!G=$,Ec:\$5$l$^$7$?!#$i$`$8$#$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2010.02.11 $BDI5-(B:

$B!!(BWinSCP $B$G$9$,!"(B4.2.4 beta $B0J9_$G$O%^%9%?!<%Q%9%o!<%I5!G=$KBP1~$7$F$$$^$9!#:G?7HG$O(B 4.2.5 $B$G$9!#(B

$B!!(BEmFTP $B$K$D$$$F$O%Y%s%@!<$+$i0FFb$,=P$F$^$7$?(B: EmFTP $BK\BN(B : $B%^%k%&%'%"(B (Gumblar $B$J$I(B) $B$K$4Cm0U$/$@$5$$(B (emftp.com, 2010.02.04)

EmFTP $B$N%"%+%&%s%H>pJs$O%l%8%9%H%jFb$K4^$^$l$F$*$jC/$G$b4JC1$K3NG'$9$k$3$H$,$G$-$^$9$,!"%"%+%&%s%H>pJs$NCf$N%Q%9%o!<%I$O!"%m%0%*%s$7$F$$$k(B Windows $B%"%+%&%s%H$N>pJs$r$b$H$K0E9f2=$5$l$F$$$^$9!#$3$N0E9f2=$K$O!"(BWindows API $B$r;HMQ$7$F$*$j!"%"%+%&%s%H;HMQpJs$,ITL@$JE@!"$5$i$K:#8e%^%k%&%(%"$,JQ2=$7!"%"%+%&%s%H@`]$H$J$k>pJs$,JQ2=$9$k2DG=@-$b$"$k$?$a!"(BEmFTP $B$K$O%Q%9%o!<%I$rJ]B8$;$:$K!"%m%0%*%s$N$?$S$K%Q%9%o!<%I$rF~NO$9$k$3$H$r?d>)$7$^$9!#(B

$B!!(BSmartFTP $B$K$O%^%9%?!<%Q%9%o!<%I5!G=$O$J$$$_$?$$(B: Enhancement Requests: Encryption of saved passwords / favourites (smartftp.com, 2009.12.21)

$B"#(B $B$$$m$$$m(B (2010.02.03)
(various)

$B"#(B 2010.02.02

$B"#(B $B$$$m$$$m(B (2010.02.02)
(various)

2010.02.24 $BDI5-(B:

$B!!(BAPSB10-04: Solution available for potential ColdFusion information disclosure issue (Adobe, 2010.01.29) $B$NF|K\8lHG(B: APSB10-04: ColdFusion$B$N>pJs3+<(LdBj$KBP=h$9$k$?$a$N2r7h:v8x3+(B (Adobe)

$B"#(B 2010.02.01

[$B%;%-%e%j%F%#%[!<%k(B memo]
[$B;d$K$D$$$F(B]