Security Hole memo (セキュリティホール memo)

Last modified: Wed Jun 10 12:16:49 2009 +0900 (JST)


Since Security Watch has closed up shop, this is a test of following things on my own. I intend to write it as a memorandum, so it is not as detailed as what Security Watch provided. The basic targets are UNIX, Windows, and Mac OS (in priority order). I also declare that the contents of this page carry even less warranty than any other page. Nor does it gather all the information.

For the information posted here, I create links to the primary sources wherever possible. Please check the contents of the primary sources yourselves. Do not, under any circumstances, take the contents of this page at face value. If you find a mistake or know of information that is not listed, please let me know. Thank you in advance.

Before using the information on this page, please read the notes.




[SCAN Security Wire NP Prize 2001]

"Scan Security Wire" … received the SCAN Security Wire NP Prize 2001.

"Net Runner" … received the 常習者賞 (regular visitor award) and the Best of 常習者賞.


www.iraqbodycount.org

Reprint requests
James F. Dunnigan, "新・戦争のテクノロジー" (currently 27 votes)
Nakayama Nobuhiro, "ソフトウェアの法的保護" (currently 119 votes) (available for on-demand purchase)
Liddell Hart, "戦略論 間接的アプローチ" (reprint decided)
Kugai Saburo (translator and editor), "ベトナム帰還兵の証言" (currently 103 votes)
Hayashi Masaaki, "カフカスの小さな国 チェチェン独立運動始末" (currently 166 votes)

RSS is now supported. Small items are not included. People who feel that "the political stuff is annoying" will probably be happier reading via RSS (those who do not find it annoying may prefer this other RSS). It is RSS 1.0, so it is strictly RDF Site Summary. Really Simple Syndication is currently not supported.
Anyone who wants Really Simple Syndication right now should see Noin's "RSS of Web sites …". (Thanks to Noin for the information.)

実用 SSH 第2版: …
The 2nd printing is out. If you order from O'Reilly and write "must be the 2nd printing" in the remarks field, the 2nd printing …

■ 2009.06.10

■ Google Chrome Stable update: 2 WebKit security fixes
(Google Chrome Releases, 2009.06.09)

Google Chrome 2.0.172.31 has been released. It fixes CVE-2009-1690 and CVE-2009-1718, the WebKit issues that were also fixed in the Safari 4.0 final release.

■ APSB09-07: Security Updates available for Adobe Reader and Acrobat
(Adobe, 2009.06.09)

In Adobe Reader / Acrobat 9.1.1 and earlier, arbitrary code …

That the update function built into Adobe Reader / Acrobat can also be used to update …

■ Addenda

Microsoft Security Bulletins for May 2009

The MS09-017 patches for Office 2004 / 2008 for Mac, Open XML File Format Converter for Mac, and Microsoft Works 8.5 / 9.0 were released, dated 2009.06.10.

IIS 6.0 + WebDAV: The Unicode Bug Strikes Back


■ 2009.06.09

■ About the security content of Safari 4.0
(Apple, 2009.06.09)

The Safari 4.0 final release is out. A large number of flaws that existed in Safari 3.x have been fixed. Many WebKit fixes are included as well; I wonder whether these will spread to other places too.

2009.06.10 addendum:

Related: Google Chrome Stable update: 2 WebKit security fixes

■ Addenda

bid 34736: Adobe Reader 'getAnnots()' Javascript Function Remote Code Execution Vulnerability

IBM ISS has reportedly confirmed new attack code for CVE-2009-1492: Adobe Reader / Acrobat … (IBM, 2009.06.08). Thank you for the information.


■ 2009.06.08


■ 2009.06.07


■ 2009.06.05

■ Miscellaneous (2009.06.05)
(various)

[SA35344] Apache Tomcat 6 Denial of Service and Information Disclosure (secunia, 2009.06.05)

Apache Tomcat 6.0.20 has been released. It fixes the DoS flaw CVE-2009-0033, the information disclosure flaw CVE-2009-0580, the XSS flaw CVE-2009-0781, and the information disclosure flaw CVE-2009-0783.

[SA35326] Apache Tomcat Denial of Service and Information Disclosure (secunia, 2009.06.05)

The 4 flaws fixed in Apache Tomcat 6.0.20 are also fixed in Apache Tomcat 4.1.SVN and Apache Tomcat 5.5.SVN.

[SA35235] IBM DB2 Denial of Service and LDAP Authentication Security Issue (secunia, 2009.06.03)

Reportedly fixed in DB2 9.1 Fixpak 7 / 9.5 Fixpak 4. CVE-2009-1905 CVE-2009-1906

ImageMagick "XMakeImage()" Integer Overflow Vulnerability (secunia, 2009.05.27)

There is a flaw in XMakeImage() in ImageMagick; using a crafted image file, arbitrary code … CVE-2009-1882

It appears to be fixed in ImageMagick 6.5.2-8 and later.

Winamp MAKI Parsing Vulnerability Details (VRT, 2009.05.20)

Details of the MAKI script flaw that is fixed in Winamp 5.552.

■ Adobe Security Bulletin Advance Notification
(Adobe Product Security Incident Response Team (PSIRT), 2009.06.04)

It appears that updated versions of Adobe Reader / Acrobat 7.x / 8.x / 9.x are scheduled to be released to coincide with Windows Update day.

Adobe expects to deliver security updates for Adobe Reader and Acrobat versions 7.x, 8.x, and 9.x for Windows and Macintosh on Tuesday, June 9.

Hm, I wonder whether Unix / Linux versions will not be provided.

2009.06.10 addendum:

Continued: APSB09-07: Security Updates available for Adobe Reader and Acrobat

■ About the misidentification of W32/Generic.worm.aa
(McAfee, 2009.06.05)

With McAfee VirusScan Enterprise 8.7 Patch 1 and Total Protection Service 4.7.0.771, there appear to be cases in which Windows system files are falsely detected as W32/Generic.worm.aa. McAfee does not yet seem to have a grasp of the situation.

This issue … on some … the conditions are currently unknown, but all … ※ For customers who are considering applying VirusScan Enterprise 8.7 Patch 1, detailed information on this issue …

Reportedly, no false detections have been confirmed without the patch. Come to think of it, patch 1 was already out? Downloading it right now.

Related:

  • False positive detection for W32/Generic.worm.aa with VirusScan Enterprise 8.7i Patch 1 (McAfee, 2009.06.04). The affected OSes are listed as Windows XP / Vista, I see.

    To minimize customer impact, McAfee has removed VirusScan Enterprise 8.7i Patch 1 from the McAfee ServicePortal and other download sites. After the root cause for this issue is discovered and resolved, Patch 1 will be reposted to the ServicePortal and download site.

    Oh dear. I am in the middle of downloading it from www.mcafee.com/japan right now, though. ... Download complete.

  • VSE 8.7i Patch 1 has been pulled (McAfee support forum, 2009.06.02 onward). VSE 8.7i patch 1, even before the false detections, …

■ Microsoft Security Bulletin Advance Notification - June 2009
(Microsoft, 2009.06.05)

Yes, it is that season again. Reportedly Windows x 6, IE x 1, Word x 1, Excel x 1, Office x 1. Of these, Windows x 2, IE x 1, Word x 1, Excel x 1, Office x 1 are rated "Critical". IE 8 is already among the affected products.

According to June 2009 Advance Notification (MSRC blog, 2009.06.04), it appears that a fix for Microsoft Security Advisory (971778) Microsoft DirectShow … is not included. The workaround …


■ 2009.06.04

■ Miscellaneous (2009.06.04)
(various)

New version (v 1.4.3.1) of BASE available (SANS ISC, 2009.06.04)

Basic Analysis and Security Engine (BASE) 1.4.3.1 has been released. Reportedly, multiple XSS flaws and SQL injection flaws are fixed.

[SA35323] Microsoft Windows "SystemParametersInfo()" Denial of Service (secunia, 2009.06.04)

A flaw in Windows XP SP3 / Server 2003 SP2. There is a flaw in the handling of SystemParametersInfo(), and a local user … a DoS attack …

[SA35265] Linux Kernel e1000 Driver Denial of Service Vulnerability (secunia, 2009.06.04)

There is a flaw in the Linux e1000, and a DoS attack from remote …

■ Addenda


■ 2009.06.03


■ 2009.06.02

■ QuickTime 7.6.2 & iTunes 8.2
(Apple, 2009.06.02)

QuickTime 7.6.2 & iTunes 8.2 have been released. A total of 11 …

About the security content of QuickTime 7.6.2 (Apple)

QuickTime 7.6.2 has been released. 10 …

CVE | Flaw summary | Dangerous file
CVE-2009-0188 | Memory corruption occurs when processing Sorenson 3 video files | Movie file
CVE-2009-0951 | Buffer overflow occurs when processing FLC compression files | FLC compression file
CVE-2009-0952 | Buffer overflow occurs when processing compressed PSD images | PSD image file
CVE-2009-0010 | Integer underflow occurs when processing PICT images. Occurs only on Windows. | PICT image file
CVE-2009-0953 | Buffer overflow occurs when processing PICT images | PICT image file
CVE-2009-0954 | Buffer overflow occurs when processing Clipping Region (CRGN) atoms | Movie file
CVE-2009-0185 | Buffer overflow occurs when processing MS ADPCM audio data | Movie file
CVE-2009-0955 | A sign extension problem occurs when processing image description atoms | Video file
CVE-2009-0956 | Uninitialized memory is referenced when processing movie files | Movie file
CVE-2009-0957 | Buffer overflow occurs when processing JP2 images | JP2 image file

About the security content of iTunes 8.2 (Apple)

iTunes 8.2 has been released. CVE-2009-0950 is fixed. Reportedly, a buffer overflow occurred in the handling of itms: URLs.

2009.06.04 addendum:

exploit:


■ 2009.06.01

