Tuesday, January 09, 2007
A new feature in Microsoft Word 2007 is the Building Block Gallery. There is a content control with a drop-down list of galleries, but Microsoft says that not all the galleries are displayed. Some of the ones that aren't are the Bibliography, Watermark, and Cover Page galleries. At http://support.microsoft.com/kb/930201 they say this behavior is by design, but they don't say anything about how to see the missing ones.
Opera 9 Bugs
Two bugs have been discovered in Opera Software's Opera 9 web browser that may allow attackers to sneak hostile code onto a computer. One bug is in the way Opera handles DHT markers in JPEG files. The other is in the way matrices are handled in JavaScript and SVG. These bugs have been fixed in Opera 9.10, which you can get at http://www.opera.com/download/. Opera credits iDefense Labs for finding these bugs.
Adobe Reader Bugs
There are a number of bugs in the Adobe Acrobat Plug-In for browsers, and in the free Adobe Reader 6 and 7. A malicious website may be able to carry out cross-site scripting attacks because the browser plug-in doesn't correctly validate URI parameters. US CERT says that it appears the bugs were fixed in Adobe Reader 8. Read their report at http://www.kb.cert.org/vuls/id/815960. Stefano Di Paola, Giorgio Fedon, and Elia Florio are credited with finding these bugs. UPDATE: Adobe now has a bulletin at http://www.adobe.com/support/security/advisories/apsa07-01.html.
Google Patches Gmail hole
It appears that Google has fixed a bug in Gmail that would allow a cross-site scripting attack. If a user logged on to Gmail, using their browser, and then later visited a malicious website (without logging out of Gmail), the attackers may have been able to steal all the email addresses from the Contacts list. There have been conflicting reports on how rapidly, and how completely, Google fixed this bug. Network World has the report as of 1/2/07 at http://www.networkworld.com/news/2007/010207-google-closes-gmail-cross-site-scripting.html
Quicktime Bug Allows Buffer Overflow
There is a bug in the way that Apple Quicktime handles RTSP (Real Time Streaming Protocol) links. It may be possible for an attacker to construct one of these links that would trigger a buffer overflow which could be used to run hostile code on your computer. According to the Secunia website at http://secunia.com/advisories/23540/, the bug has been verified in Quicktime 7.1.3.100 for Windows. It is supposed to affect other Windows and Mac versions as well. Secunia credits LMH for finding the bug. It comes from the "Month of Apple Bugs" website at http://projects.info-pull.com/moab/.
Sunday, December 31, 2006
Reports of a Gmail Problem
Techcrunch reports on an issue where a number of people, who all appear to be Mozilla Firefox 2.0 users, reported a mass deletion of their Gmail emails, while they were logged in. Read more at http://www.techcrunch.com/2006/12/28/gmail-disaster-reports-of-mass-email-deletions/, including a link to a discussion of the problem at Google Groups, and a response from Google -- which indicates this affected around 60 people. Just goes to show that you should back up your Gmail, err... never mind.
Novell SUSE Pops a New Kernel
There is a new Linux 2.6 kernel for Novell SUSE Linux Enterprise Server 9 and SUSE Linux Enterprise 10. It fixes a bug in the UDF filesystem that sometimes caused the computer to hang when it was truncating files. It also plugged a struct file leak in the perfmon(2) system that happened when the OS was running on an Itanium-based system. Find out more at http://www.novell.com/linux/security/advisories/2006_79_kernel.html
Media Center Update Causes DRM Bug
Once you have installed Windows XP Media Center Edition 2005 Update Rollup 2, you may have problems with Windows Media Digital Rights Manager files. Try to play back one of the protected files, and you may get an error message similar to one of these:
Restricted Content: Restrictions set by the broadcaster and/or originator of the content prohibit playback of the program on this computer
or
0xC00D2751: A problem has occurred in the Digital Rights Management component. Contact Microsoft product support.
Microsoft has issued a new fix to take care of the bug introduced by Update Rollup 2. Get the latest fix at http://support.microsoft.com/kb/913800/. Watch here to find out what bugs this latest bug fix introduced.
Threat Against Windows, Including Vista
The Microsoft Security Response Center may have had a slight delay in the beginning of their Christmas holiday, with reports of a public exploit against the Client Server Run-Time Subsystem in Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems. According to their blog, the attacker must have authenticated access to a computer system in order to carry out the attack, which makes it potentially less damaging. More interesting, however, is that Vista is included on the list of vulnerable systems. Read the whole thing at http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx.
Cursor Bug Trips Up Mozilla
There is a bug in the way that Mozilla Firefox 2.0 and 1.5.0.8, Thunderbird 1.5.0.8, and SeaMonkey 1.0.6 set the CSS (Cascading Style Sheet) cursor property. The bug may cause a buffer overflow as the custom cursor is converted to a Windows bitmap. This can possibly be exploited by a malicious website to install hostile code on your computer. This has been fixed in Firefox 2.0.0.1 and 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7. Mozilla rates this as a Critical bug, and credits Frederik Reiss with finding and reporting it.
Yahoo Messenger Tripped Up By ActiveX Bug
Yahoo (I'm not putting in the exclamation point) says there is a bug in their Yahoo Messenger due to a bad ActiveX control. The bug may trigger a buffer overflow, which could be activated by visiting a maliciously designed web page. Yahoo says you may be vulnerable if you installed Yahoo Messenger before 11/2/06 (although they didn't post this notice until 12/8/06). You can get an update that fixes this bug at http://messenger.yahoo.com/security_update.php?id=120806
Vista Changes Unpacking Method
Microsoft has changed the way that the Microsoft Update Standalone packages work for Windows Vista. The old way to view the contents or extract the contents of one of the packages will not work -- especially if you are trying to do this on a non-Vista computer. It's because they use the "New and Improved" (those are air-quotes) Intra-Package Delta (IPD) compression technology. You will need to get the Windows Vista OEM Pre-installation Kit (OPK) if you want to view and extract. See http://support.microsoft.com/kb/928636 for the details.
An Accidental Patch from Microsoft
A security patch for Microsoft Office for the Mac was accidentally released ahead of time via auto-update. According to the Microsoft Security Response Center blog, they are still testing this patch, and a pre-release version was accidentally released. They've taken the patch out of circulation, and they also recommend that you uninstall the patch. See http://blogs.technet.com/msrc/archive/2006/12/13/information-on-accidental-posting-of-pre-release-security-updates-for-office-for-mac.aspx for the details.
Another MS Word Attack
There is a new zero-day attack against Microsoft Word, apparently unrelated to the zero-day attack discussed in the 12.6 BugBlog. It affects Word 2000, 2002, 2003, and the Word Viewer 2003. However, the brand new Word 2007 is not affected. (A cynical person would say this is all a marketing ploy to get people to upgrade. Luckily, I'm not cynical.) The issue is being actively exploited, according to Microsoft. At this point, it does not appear that there will be a fix for either of these issues in time for the 12/12 Patch Tuesday Security Releases. See http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-zero-day.aspx for more.