Tuesday, January 09, 2007

Some of Word's Galleries are Missing

A new feature in Microsoft Word 2007 is the Building Block Gallery. There is a content control with a drop-down list of galleries, but Microsoft says that not all the galleries are displayed. Among those that are not displayed are the Bibliography, Watermark, and Cover Page galleries. At http://support.microsoft.com/kb/930201 they say this behavior is by design, but they don't say anything about how to see the missing ones.


Opera 9 Bugs

Two bugs have been discovered in Opera Software's Opera 9 web browser that may allow attackers to sneak hostile code onto a computer. One bug is in the way Opera handles DHT markers in JPEG files. The other is in the way matrices are handled in JavaScript and SVG. These bugs have been fixed in Opera 9.10, which you can get at http://www.opera.com/download/. Opera credits iDefense Labs for finding these bugs.


Adobe Reader Bugs

There are a number of bugs in the Adobe Acrobat Plug-In for browsers, and in the free Adobe Reader 6 and 7. A malicious website may be able to carry out cross-site scripting attacks because the browser plug-in doesn't correctly validate URI parameters. US CERT says that it appears the bugs were fixed in Adobe Reader 8. Read their report at http://www.kb.cert.org/vuls/id/815960. Stefano Di Paola, Giorgio Fedon, and Elia Florio are credited with finding these bugs. UPDATE: Adobe now has a bulletin at http://www.adobe.com/support/security/advisories/apsa07-01.html.


Google Patches Gmail hole

It appears that Google has fixed a bug in Gmail that would allow a cross-site scripting attack. If a user logged on to Gmail, using their browser, and then later visited a malicious website (without logging out of Gmail), the attackers may have been able to steal all the email addresses from the Contacts list. There have been conflicting reports on how rapidly, and how completely, Google fixed this bug. Network World has the report as of 1/2/07 at http://www.networkworld.com/news/2007/010207-google-closes-gmail-cross-site-scripting.html


Quicktime Bug Allows Buffer Overflow

There is a bug in the way that Apple Quicktime handles RTSP (Real Time Streaming Protocol) links. It may be possible for an attacker to construct one of these links so that it triggers a buffer overflow, which could be used to run hostile code on your computer. According to the Secunia website at http://secunia.com/advisories/23540/, the bug has been verified in Quicktime 7.1.3.100 for Windows. It is also supposed to affect other Windows and Mac versions. Secunia credits LMH for finding the bug. It comes from the "Month of Apple Bugs" website at http://projects.info-pull.com/moab/.
