セキュリティホール memo (Security Hole memo)

Last modified: Fri Sep 25 16:56:23 2009 +0900 (JST)


Since Security Watch has closed up shop, this is an attempt to follow things on my own. I intend it as a personal memorandum, so it is not as detailed as Security Watch was. The main targets are UNIX, Windows and Mac OS (in priority order). I also declare that the content of this page comes with even less warranty than any other page. Nor does it collect all the information there is.

For the information listed here, I link to the primary source wherever possible. Please check the content of the primary source yourself. Do not take the content of this page on trust. If you find a mistake or know of information that is not listed, please let me know. Thank you.

Before using the information on this page, please read the notes on use.


[ Standard information sources ] Past articles: 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998


[SCAN Security Wire NP Prize 2001]

This site received the SCAN Security Wire NP Prize 2001 from "Scan Security Wire".

It also received a "Best of …" award from "Net Runner" (ネットランナー).



RSS is now supported. Minor items are not included. Readers who find the political items annoying will probably be happier reading via RSS (those who do not mind them may prefer this other RSS feed). It is RSS 1.0, so it is strictly RDF Site Summary. Really Simple Syndication is not currently supported.
If you want Really Simple Syndication right now, see the Web-site RSS … by のいん-san. (Thanks to のいん-san for the information.)


■ 2009.09.25

■ Stop error message on a computer that is running Windows Vista or Windows Server 2008: "STOP: 0x0000007F"
(Microsoft KB 972907, 2009.09.25)

This apparently can occur when third-party network drivers are installed, such as antivirus drivers, VPN client drivers or miniport drivers.

This issue occurs because the Tcpip.sys driver occupies most of the space in the kernel mode stack. This leaves less space in the networking stack for the regular operations of the operating system. Therefore, the system may crash intermittently.

Hotfixes are available for Vista SP[12] and Server 2008 gold / SP2.

■ Addendum

Opera 10 for Windows changelog

■ Miscellaneous (2009.09.25)
(various)


■ 2009.09.24

■ [Namazu-users-ja 1180] Japanese full-text search system Namazu 2.0.20 released
(namazu.org, 2009.09.23)

Namazu 2.0.20 is out. It includes a security fix.

  * namazu, namazu.cgi

  (Urgency: medium)
  - Fixed a bug that could cause a buffer overrun.

    When NMZ.field.* contains an empty line and that field value is displayed
    through NMZ.result.*, a buffer overrun occurs.

■ Cisco: 12 vulnerabilities … in the regular IOS update
(ITmedia, 2009.09.24)

A furious 12 in a row. CISCO Security Advisories (SANS ISC, 2009.09.23) is the easier read.

■ Consumer Anti-Malware Endpoint Protection Test Report Q3
(NSSLabs, 2009.09.08)

Well-known consumer security suites … the products covered are all from the 2009 series. The results this time are strictly against socially engineered malware; tests on phishing and exploits are apparently to follow. Even so, it is extremely interesting.

Among the many products, Trend Micro Internet Security 2009 posted by far the best results. … is being credited.

NSSLabs also publishes a report on enterprise products, but that one is distributed for a fee ($1,800). A bit steep for an individual to buy.

Related: NSS Labs Endpoint Protection Test Results (metasploit blog, 2009.09.21). An analysis from the viewpoint of a Metasploit person.

From my own testing with Metasploit-generated payload executables, both Trend and Kaspersky seem to rely on heuristics and behavior more than the other products in the field. For example, this VirusTotal report shows the results of a reverse connect shell generated by the latest version of Metasploit. While two products misclassified the executable as "Win32:Tipa" (due to the read/write/exec section), Trend Micro was the only product to clearly identify the file as "packed" using what looks like an entropy signature. Two McAfee products flagged the file as suspicious, but in most scenarios the file would have been allowed anyways. Unique hashing doesn't work in this case, as the executable is randomized every time it is generated by Metasploit.

■ Addendum

Miscellaneous (2009.09.12)

Microsoft Security Essentials Beta

■ Hacked hacker …
(F-Secure Blog, 2009.09.18)

Continued: RE: Hacked hacker … (F-Secure Blog, 9/21)

(cP○○○L??) (snip) (a 0day published in June)

Maybe this one:

Also, there is cPanel Security Update: CSRF (cross-site request forgery) (cpanel.net, 2009.08.03). A fundamental fix in cPanel 11.25 …: cPanel/WHM 11.25 EDGE Now Available (cpanel.net, 2009.09.15)

■ About the security content of iTunes 9.0.1
(Apple, 2009.09.23)

A flaw in iTunes 9.0 and earlier (?). There is a flaw in the handling of .pls files, and a crafted .pls file can lead to arbitrary code execution. CVE-2009-2817

Fixed in iTunes 9.0.1.


■ 2009.09.23


■ 2009.09.22

■ Snort < 2.8.5 Unified1 Output Denial of Service Exploit
(milw0rm, 2009.09.22)

So Snort 2.8.5 did include a security fix.


■ 2009.09.21


■ 2009.09.20

■ PHP 5.2.11 Release Announcement
(PHP.net, 2009.09.16)

PHP 5.2.11 is out. Four flaws are fixed.

■ Addendum

Microsoft Security Advisory (975497): SMB vulnerability …

Update on the SMB vulnerability situation (Microsoft Security Research & Defense, 2009.09.18)

Miscellaneous (2009.09.08)

RoboHelp: the fix is out: APSB09-14: Security update available for RoboHelp Server 8 (Adobe, 2009.09.18). CVE-2009-3068

■ wnpa-sec-2009-06: Multiple vulnerabilities in Wireshark version 0.99.6 to 1.2.1
(Wireshark.org, 2009.09.15)

Wireshark 1.2.2 is out. Three flaws are fixed. CVE-2009-3243 CVE-2009-3242 CVE-2009-3241


■ 2009.09.19


■ 2009.09.18

■ Addendum

Microsoft Security Advisory (975497): SMB vulnerability …


■ 2009.09.17

■ Addendum

Helping users keep plugins updated

Results announced: Helping People Upgrade Flash (Blog of Metrics, 2009.09.16)

So, what has transpired since last Wednesday?

In one week, 10,000,000 people have clicked on the “flash update” link below.

Ten million... That is a pretty good number. Microsoft, please follow suit. (In that case the figure would probably be one digit higher...)


■ 2009.09.16

■ Microsoft Update slowdown trouble occurs; "recovers by itself" without MS ever recognizing it
(Nikkei IT Pro, 2009.09.14)

In other words, the problem most likely lies in the Microsoft Update site or in the CDN that hosts the Microsoft Update site. (snip) The problem of Microsoft Update/Windows Update being slow when accessed via the FLET'S network arose without Microsoft recognizing it and subsided without Microsoft recognizing it. For users, it is an ending that leaves a sense of unease.

Is Microsoft at fault, or the CDN? I wonder which...

■ Miscellaneous (2009.09.16)
(various)

■ Google Chrome Releases: Stable Channel Update
(Google Chrome Releases, 2009.09.15)

Google Chrome 3.0.195.21 has been released and has become the stable version, replacing the 2.x series. Two security flaws are fixed.

■ Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference
(bugtraq, 2009.09.13)

Regarding FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit: a claim that … it has not been completely fixed. A demo screen said to be an image taken on FreeBSD 6.4-RELEASE is presented. Is it really true?

For that matter, something called FreeBSD 7.2 local root vulnerability (0day) is also out; what is this...?

■ War FTP Daemon Remote Denial Of Service Vulnerability
(bugtraq, 2009.09.13)

War FTP Daemon 1.82 RC 13 is out (download). The WarFTPd 1.82.00-RC12 (LIST command) Format String DoS Exploit (milw0rm) issue appears to be fixed.


■ 2009.09.15

■ [Security Advisory] Multiple Smartphones MMS Notification Sender Obfuscation
(silentservices.de, 2009.09.11)

Affects Blackberry 8800 (Firmware: 4.5.0.37), Windows Mobile 5 / 6.0 / 6.1 / 6.5 and Sony Ericsson W890i / W810i: the MMS sender … (F-Secure Blog, 2009.09.14)

■ Restricted users may have unauthorized access to Office 2008 for Mac program files
(Microsoft, 2008.01.08)

So there was such a thing. I only noticed once CVE-2008-7217 was assigned on 2009.09.13.


■ 2009.09.14


■ 2009.09.13


■ 2009.09.12

■ Addendum

Firefox 3.5.3 / 3.0.14 released

List of fixes:

MFSA 2009-51
Chrome privilege escalation with FeedWriter
MFSA 2009-50
Location bar spoofing via tall line-height Unicode characters
MFSA 2009-49
Tree…
MFSA 2009-48
Insufficient warning for PKCS11 module installation and removal
MFSA 2009-47
Crashes with evidence of memory corruption (rv:1.9.1.3/1.9.0.14)

MFSA 2009-48 applies to Firefox 3.0.x only; the others are common to Firefox 3.0.x / 3.5.x. Related:

Miscellaneous (2009.09.08)

Follow-up on the RoboHelp issue: Update on RoboHelp Server 8 Issue (Adobe PSIRT blog, 2009.09.09). A fix is apparently scheduled for 2009.09.18.

Microsoft Security Advisory (975497): SMB vulnerability …

Verification report on the Windows SMB DoS attack vulnerability … (NTT Data Security, 2009.09.10)

[Full-disclosure] Linux NULL pointer dereference due to incorrect proto_ops initializations

■ Miscellaneous (2009.09.12)
(various)

2009.09.24 addendum:

Related information on the yoyaku_v41 issue: LAC Advisory No.102: OS command injection vulnerability in yoyaku_v41 (LAC, 2009.09.18). Thanks to 山崎-san for the information.


■ 2009.09.11

■ About Security Update 2009-005
(Apple, 2009.09.09)

Security update for Mac OS X 10.4.11 / 10.5.8. As usual, a large number of fixes.

■ Addendum

Flash Player update and Snow Leopard

Addressed in Mac OS X 10.6.1: About the security content of the Mac OS X v10.6.1 Update (Apple, 2009.09.11)

Helping users keep plugins updated

I checked how Firefox's warning about an outdated Flash Player plugin behaves.

  • I installed Flash Player 10.0.22.87 into Firefox 3.5.3, but got no reaction at all. The same after restarting Firefox.

  • With Flash Player 10.0.22.87 installed in Firefox 3.5.2, I updated to Firefox 3.5.3; when Firefox restarted after the update, I was prompted to update Flash Player.

Related: "Added a feature" is not accurate (slashdot.jp, 2009.09.11)

Microsoft Security Bulletins for September 2009

MS09-048 has been revised.

2009/9/10: Added an explanation about the scope of "Affected …". The security updates provided in this security bulletin have not changed.

I wonder what changed... The FAQ before the revision read:

The default configuration of Windows XP … this vulnerability …
By default, Windows XP Service Pack 2, Windows XP Service Pack 3 and Windows XP Professional x64 Edition Service Pack 2 do not include a listening service configured in the client firewall, so this vulnerability … case, affected … from neighboring network devices on … The mitigations and workarounds in the "… details" section also apply to Windows XP Service Pack 2, Windows XP Service Pack 3 and Windows XP Professional x64 Edition Service Pack 2.

After the revision it reads:

Affected …
By default, Windows XP Service Pack 2, Windows XP Service Pack 3 and Windows XP Professional x64 Edition Service Pack 2 do not include a listening service configured in the client firewall, so this vulnerability … is rated …. In addition, Windows XP Service Pack 2 and later operating systems include a stateful host firewall, … from the Internet or from neighboring network devices on a private network …

In the sense that neither amounts to an explanation, there is no difference at all.


■ 2009.09.10

■ Microsoft Security Bulletins for September 2009
(Microsoft, 2009.09.09)

MS09-045 - Critical: Vulnerability in the JScript scripting engine …

A flaw in JScript 5.1 / 5.6 / 5.7 / 5.8 running on Windows 2000 / XP / Server 2003 / Vista / Server 2008. A script planted in a crafted Web page or similar can lead to arbitrary code execution. CVE-2009-1920. Exploitability Index: 1. Windows 7 / Server 2008 R2 do not have this flaw.

A patch exists, so apply it. Note, however, that if you install IE 7 or IE 8 after installing this patch and then additionally install the JScript patch for those versions, you may become unable to uninstall the additionally installed patch. Honestly, people are going to get caught by this... See KB971961.

To avoid this situation:

  • install IE 7 or IE 8 before installing the patch, or

  • uninstall this patch first, and then install IE 7 or IE 8

I say this even as I write it myself, but I will have forgotten something like this within a week...

MS09-046 - Critical: Vulnerability in the DHTML Editing Component ActiveX control …

MS09-047 - Critical: Vulnerability in Windows Media Format …

MS09-048 - Critical: Vulnerability in Windows TCP/IP …

The TCP … of Windows 2000 / XP / Server 2003 / Vista / Server 2008 …

Windows 7 / Server 2008 R2 do not have these flaws. Also, in the as-shipped configuration of Windows XP SP2 / SP3, this flaw does not manifest.

Patches are provided only for Windows Server 2003 / Vista / Server 2008. None exist for Windows 2000 / XP. The reason no patch is provided for Windows 2000 is explained, but the reason no patch is provided for Windows XP is not.

Related:

MS09-049 - Critical: Vulnerability in the Wireless LAN AutoConfig Service …

2009.09.11 addendum:

MS09-048 has been revised.

2009/9/10: Added an explanation about the scope of "Affected …". The security updates provided in this security bulletin have not changed.

I wonder what changed... The FAQ before the revision read:

The default configuration of Windows XP … this vulnerability …
By default, Windows XP Service Pack 2, Windows XP Service Pack 3 and Windows XP Professional x64 Edition Service Pack 2 do not include a listening service configured in the client firewall, so this vulnerability … case, affected … from neighboring network devices on … The mitigations and workarounds in the "… details" section also apply to Windows XP Service Pack 2, Windows XP Service Pack 3 and Windows XP Professional x64 Edition Service Pack 2.

After the revision it reads:

Affected …
By default, Windows XP Service Pack 2, Windows XP Service Pack 3 and Windows XP Professional x64 Edition Service Pack 2 do not include a listening service configured in the client firewall, so this vulnerability … is rated …. In addition, Windows XP Service Pack 2 and later operating systems include a stateful host firewall, … from the Internet or from neighboring network devices on a private network …

In the sense that neither amounts to an explanation, there is no difference at all.

■ Miscellaneous (2009.09.10)
(various)

■ Addendum

■ Firefox 3.5.3 / 3.0.14 released
(mozilla.org, 2009.09.10)

Firefox 3.5.3 / 3.0.14 have been released. Four flaws are fixed in Firefox 3.5.3 and five in Firefox 3.0.14.

The Helping users keep plugins updated item has also been implemented.

2009.09.12 addendum:

List of fixes:

MFSA 2009-51
Chrome privilege escalation with FeedWriter
MFSA 2009-50
Location bar spoofing via tall line-height Unicode characters
MFSA 2009-49
Tree…
MFSA 2009-48
Insufficient warning for PKCS11 module installation and removal
MFSA 2009-47
Crashes with evidence of memory corruption (rv:1.9.1.3/1.9.0.14)

MFSA 2009-48 applies to Firefox 3.0.x only; the others are common to Firefox 3.0.x / 3.5.x. Related:

■ About the security content of iPhone OS 3.1 and iPhone OS 3.1.1 for iPod touch
(Apple, 2009.09.10)

iPhone OS 3.1 and iPhone OS 3.1.1 for iPod touch are out. Multiple flaws are fixed, including ones that lead to arbitrary code execution.

However, I wondered whether iPod touch owners would have to pay yet again... but the situation appears to be as follows (see: Apple announces new iPod touch lineup (Apple, 2009.09.10)).

  • If you have already purchased iPhone OS 3.0, you can update to 3.1.1 free of charge.

  • If you are on iPhone OS 2.x or earlier, it is a paid upgrade for 600 yen.

■ About the security content of QuickTime 7.6.4
(Apple, 2009.09.10)

QuickTime 7.6.4 is out. Four flaws are fixed. All of them are common to both the Mac and Windows versions.

  • A crafted H.264 movie can lead to arbitrary code execution. CVE-2009-2202

  • A crafted MPEG-4 video file can lead to arbitrary code execution. CVE-2009-2203

  • A crafted FlashPix file can lead to arbitrary code execution. CVE-2009-2798

  • A crafted H.264 movie can lead to arbitrary code execution. CVE-2009-2799

■ Microsoft Security Advisory (975497): SMB vulnerability …
(Microsoft, 2009.09.09)

This issue: Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. (milw0rm). A crafted SMB2 packet can lead to arbitrary code execution. CVE-2009-3103

The flaw is present in Windows Vista / Server 2008 / 7 RC. Windows Server 2008 R2 and Windows 7 gold do not have this flaw. It can be worked around by disabling SMB2.

2009.09.12 addendum:

Verification report on the Windows SMB DoS attack vulnerability … (NTT Data Security, 2009.09.10)

2009.09.18 addendum:

Security Advisory 975497 has been revised.

2009.09.20 addendum:

Update on the SMB vulnerability situation (Microsoft Security Research & Defense, 2009.09.18)


■ 2009.09.09

■ Addendum


■ 2009.09.08

■ Miscellaneous (2009.09.08)
(various)

2009.09.12 addendum:

Follow-up on the RoboHelp issue: Update on RoboHelp Server 8 Issue (Adobe PSIRT blog, 2009.09.09). A fix is apparently scheduled for 2009.09.18.

2009.09.20 addendum:

RoboHelp: the fix is out: APSB09-14: Security update available for RoboHelp Server 8 (Adobe, 2009.09.18). CVE-2009-3068

■ Addendum

Miscellaneous (2009.08.15)

Worm targeting old versions of WordPress appears; update to the latest version (ITmedia, 2009.09.08). Apparently a worm targeting CVE-2009-2762 has emerged.

Opera 10 for Windows changelog

Eavesdropping on SSL traffic …

Qt patches released fixing potential security flaw - Patches for Qt versions 4.3.0 and newer available for download. (nokia, 2009.09.01). Patches are provided for Qt 4.3.0 and for Qt 4.4.x / 4.5.x. CVE-2009-2700


■ 2009.09.07

■ About the security content of Java for Mac OS X 10.5 Update 5
(apple, 2009.09.03)

Fixes for Java SE 1.6.0_15 / 1.5.0_20 / 1.4.2_22 for Mac OS X 10.5, and for Java Web Start.


■ 2009.09.05

■ Helping users keep plugins updated
(Mozilla Security Blog, 2009.09.04)

From Firefox 3.5.3 / 3.0.14 onward, Firefox will apparently display a prompt to update Flash Player when needed. Excellent.

2009.09.11 addendum:

I checked how Firefox's warning about an outdated Flash Player plugin behaves.

  • I installed Flash Player 10.0.22.87 into Firefox 3.5.3, but got no reaction at all. The same after restarting Firefox.

  • With Flash Player 10.0.22.87 installed in Firefox 3.5.2, I updated to Firefox 3.5.3; when Firefox restarted after the update, I was prompted to update Flash Player.

Related: "Added a feature" is not accurate (slashdot.jp, 2009.09.11)

2009.09.17 addendum:

Results announced: Helping People Upgrade Flash (Blog of Metrics, 2009.09.16)

So, what has transpired since last Wednesday?

In one week, 10,000,000 people have clicked on the “flash update” link below.

Ten million... That is a pretty good number. Microsoft, please follow suit. (In that case the figure would probably be one digit higher...)


■ 2009.09.04

■ Opera 10 for Windows changelog
(Opera.com, 2009.09.01)

Opera 10 includes multiple security fixes.

Changes since Opera 9.64
(snip)
Security
  • An issue where a site could be displayed as secure when it used an intermediate certificate that had been invalidated; see the advisory.
  • An issue where the address bar broke and could not display the domain name accurately; see the advisory.
  • An issue where IDNA (internationalized domain name) characters were sometimes not displayed accurately in the address bar; see the advisory.
  • An issue where *.com was treated as a wildcard in SSL/TLS name lookup; see the advisory.
  • A recognition issue with EV certificates issued directly from a root.
  • An issue concerning certificate import.

Judging from how this is written, it looks like Opera 9.65 will not be released.

2009.09.08 addendum:

2009.09.25 addendum:

Apparently there was also this issue: JVN#39157969: … of third-party cookies in Opera (JVN, 2009.09.17). It is said to be fixed in Opera 10. Thanks to 有栖智-san for the information.

■ Microsoft Security Bulletin Advance Notification - September 2009
(Microsoft, 2009.09.04)

It is that season already. Critical x 5. Oh dear.

■ Addendum

■ Flash Player update and Snow Leopard
(Adobe PSIRT blog, 2009.09.02)

A notice that Mac OS X 10.6 Snow Leopard ships with an old version of Flash Player, so please update to the latest version, 10.0.32.18.

Related: Apple ships a known vulnerable version of Flash with Snow Leopard (Sophos blog, 2009.09.02)

2009.09.12 addendum:

Addressed in Mac OS X 10.6.1: About the security content of the Mac OS X v10.6.1 Update (Apple, 2009.09.11)


■ 2009.09.03

■ [JS09003] ATOK vulnerability …
(JustSystems, 2009.09.02)

ATOK for Windows has a flaw that allows privilege escalation; a local user can seize local SYSTEM privileges …

Update modules have been published for ATOK 2006 to 2009 for Windows, ATOK Smile, and the ATOK flat-rate service (Windows).


■ 2009.09.02

■ Addendum


■ 2009.09.01

■ Multiple flaws in OpenOffice.org 3.1 and earlier
(secunia, 2009.09.01)

This:

Fixed in OpenOffice.org 3.1.1.

However, the Windows binaries of OpenOffice.org 3.1.1 currently being distributed reportedly bundle a flawed MSVC++ runtime (ATL-related):

■ Addendum

■ Microsoft IIS 5/6 FTP 0Day released
(SANS ISC, 2009.08.31)

