$B%;%-%e%j%F%#%[!<%k(B memo

Last modified: Fri May 18 20:11:13 2012 +0900 (JST)
$BC;=L(B URL: http://goo.gl/pwSG$B!!(BQR $B%3!<%I(B: http://goo.gl/pwSG.qr

$B!!(BSecurity Watch $B$5$s$,E9$8$^$$$5$l$F$7$^$C$?$N$G!"(B $B8D?M$GDI$$$+$1$F$_$k%F%9%H$G$9!#(B $BHwK:O?$H$7$F=q$$$F$*$/$D$b$j$J$N$G!"(B Security Watch $B$5$s$N$h$&$J>\:Y$J$b$N$G$O$"$j$^$;$s!#(B $B4pK\E*$J%?!<%2%C%H$O(B UNIX$B!"(BWindows$B!"(BMac OS (priority $B=g(B) $B$H$7$^$9!#(B $B$^$?!"$3$N%Z!<%8$NFbMF$O$I$N%Z!<%8$K$bA}$7$FL5J]>Z$G$"$k$3$H$r@k8@$7$F$*$-$^$9!#A4$F$N>pJs$,=8$^$C$F$$$k$o$1$b$"$j$^$;$s!#(B

$B!!$3$3$K:\$;$k>pJs$K$D$$$F$O!"2DG=$J8B$j(B 1 $BpJs8;$X$N%j%s%/$r:n@.$7$F$*$-$^$9!#(B $B3F<+$G(B 1 $BpJs8;$NFbMF$r3NG'$7$F$/$@$5$$!#(B $B$3$N%Z!<%8$NFbMF$r$/$l$0$l$b1-0{$_$K$7$J$$$h$&$K!#(B $B4V0c$$$rH/8+$5$l$?J}!"5-:\$5$l$F$$$J$$>pJs$r$4B8CN$NJ}!"$<$R(B$B$*$7$($F$/$@$5$$(B$B!#$h$m$7$/$*4j$$$$$?$7$^$9!#(B

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B!!(B[ $BDjHV>pJs8;(B ] $B!!2a5n$N5-;v(B: 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998

[SCAN Security Wire NP Prize 2001]

$B!V(BScan Security Wire$B!W(B $BSCAN Security Wire NP Prize 2001 $B$r^(B$B$7$^$7$?!#(B

$B!!(B

$B!V%M%C%H%i%s%J!o=,^$r!"%Y%9%H!&%*%V!&>o=,^$r^$7$^$7$?!#(B

www.iraqbodycount.org www.iraqbodycount.org

$BI|4)%j%/%(%9%H
$B%8%'%$%`%:(B.$B#F(B.$B%@%K%,%s!V(B $B?7!&@oAh$N%F%/%N%m%8!<(B$B!W(B($B8=:_(B45$BI<(B)
$BCf;3?.90!V(B$B%=%U%H%&%'%"$NK!E*J]8n(B$B!W(B ($B8=:_(B119$BI<(B) ($B%*%s%G%^%s%I9XF~2D(B)
$BN&0f;0O:Lu!&JT!V(B$B%Y%H%J%`5"4TJ<$N>Z8@(B$B!W(B ($B8=:_(B109$BI<(B)
$BNS9nL@!V(B$B%+%U%+%9$N>.$5$J9q!!%A%'%A%'%sFHN)1?F0;OKv(B$B!W(B ($B8=:_(B172$BI<(B)
$B2f$i9_Iz$;$:!]%5%$%Q%s6L:U@o$N685$$H?? ($B8=:_(B136$BI<(B)

RSS $B$KBP1~$7$F$_$^$7$?!#(B $B>.%M%?$O4^$^$l$F$$$^$;$s!#!V@/<#$M$?%&%<%'!W$H$$$&?M$O(B RSS $B%Y!<%9$GFI$`$H9,$;$K$J$l$k$G$7$g$&(B ($B%&%6$/$J$$?M$O(B $B$3$C$A$N(B RSS $B$,$h$$$+$b$7$l$^$;$s(B)$B!#(B RSS 1.0 $B$G$9$N$G!"$"$/$^$G(B RDF Site Summary $B$G$9!#(B $B8=:_$O(B Really Simple Syndication $B$K$OBP1~$7$F$$$^$;$s!#(B
$B:#$9$0(B Really Simple Syndication $B$,$[$7$$?M$O!"$N$$$s$5$s$K$h$k(B Web $B%5%$%H$N(B RSS $B$r>! $B$r;2>H$7$F$/$@$5$$!#(B($B$N$$$s$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B)

$B<BMQ(B SSH $BBh(B2$BHG(B: $B%;%-%e%
2 $B:~$,=P$^$7$?!#(B$B%*%i%$%j!<$GCmJ8$7(B$B!"Hw9MMw$K!VI,$:(B2$B:~$G$"$k$3$H!W$H=q$/$H(B 2 $B:~$r3N

$B"#(B 2012.05.18

$B"#(B $B$$$m$$$m(B (2012.05.18)
(various)

$B"#(B $BDI5-(B

$B%*%i%/%k!"?<9o$J@H

$B!!(BOSX.Flashback - $B%\%C%H%M%C%H$,Mx1W$r>e$2$k$?$a$N ($B%7%^%s%F%C%/(B, 2012.05.18)

$B"#(B 2012.05.17

$B"#(B The Apache OpenOffice Project Announces Apache OpenOffice 3.4
(OpenOffice.org, 2012.05.08)

$B!!(BOpenOffice 3.4 $B$G$O(B OpenOffice 3.3.0 / 3.4 Beta $B$K4^$^$l$F$$$?(B 3 $B$D$N7g4Y$,=$@5$5$l$F$$$k$=$&$G$9!#(B

$B"#(B $B%m%8%F%C%/@=(B300Mbps$BL5@~(BLAN$B%V%m!<%I%P%s%I%k!<%?(B $B!J(BLAN-W300N/R$B!"(BLAN-W300N/RS$B!"(BLAN-W300N/RU2$B!K(B $B$K4X$9$k$*OM$S$H$*4j$$(B
($B%m%8%F%C%/(B, 2012.05.16)

$B!!%m%8%F%C%/$N(B 300Mbps$BL5@~(BLAN$B%V%m!<%I%P%s%I%k!<%?(B LAN-W300N/R, LAN-W300N/RS, LAN-W300N/RU2 $B%7%j%"%k%J%s%P!l9g$K7g4Y!#%$%s%?!<%M%C%HB&$+$i!"%k!<%?FbIt$N(B PPPoE $BG'>Z(BID$B!&%Q%9%o!<%I$r

$B!!:G?7$N%U%!!<%`%&%'%"(B (2.10a?) $B$G$O=$@5$5$l$F$$$k!#(B5/28 $B$K$O!V$5$i$K%;%-%e%j%F%#!<$r6/2=$7$?%U%!!<%`%&%'%"!W$,8x3+$5$l$k$=$&$@!#(B

$B!!4XO"(B: $B%m%8%F%C%/ (JPCERT/CC, 2012.05.16)

$B"#(B 2012.05.16

$B"#(B Chrome Stable Channel Update
(Google, 2012.05.15)

$B!!(BChrome 19 $B$,@5<0HG$K!#(B18 $B7o$N7g4Y$r=$@5$7$F$$$k!#$^$?(B Chrome $B$N$b$N$G$O$J$$(B 2 $B7o$N7g4Y(B (Nvidia, libxml) $B$KBP1~$7$F$$$k!#(B CVE-2011-3083 CVE-2011-3084 CVE-2011-3085 CVE-2011-3086 CVE-2011-3087 CVE-2011-3088 CVE-2011-3089 CVE-2011-3090 CVE-2011-3091 CVE-2011-3092 CVE-2011-3093 CVE-2011-3094 CVE-2011-3095 CVE-2011-3096 CVE-2011-3097 CVE-2011-3098 CVE-2011-3099 CVE-2011-3100 CVE-2011-3101 CVE-2011-3102

$B"#(B $BDI5-(B

$B%*%i%/%k!"?<9o$J@H

$B!!(BApple $B=c@5(B FlashBack $B:o=|%D!<%k!"(BMac OS X 10.5 $B$K$bDs6!$5$l$?$=$&$G(B: About the security content of Flashback Removal Security Update (Apple, 2012.05.14)

About the security content of Safari 5.1.7

$B!!$*$^$15!G=(B ($B8E$$(B Flash Player $B$NL58z2=(B) $B$@$1!"(BMac OS X 10.5 $B$K(B backport $B$5$l$^$7$?(B: About the security content of Leopard Security Update 2012-003 (Apple, 2012.05.14)

$B"#(B About the security content of QuickTime 7.7.2
(Apple, 2012.05.15)

$B!!(BQuickTime 7.7.2 $BEP>l!#(BWindows $BHG$K$D$$$F!"(B17 $B7o$N7g4Y$,=$@5$5$l$F$$$k!#(B Mac OS X $BHG$K$D$$$F$O!"(BOS $BK\BN$K$*$$$F=$@5$5$l$F$$$k(B (Mac OS X Lion 10.7.3 / 10.7.4$B!"(B10.6.8 Security Update 2012-001 / 2012-002)$B!#(B CVE-2012-0663 CVE-2012-0664 CVE-2012-0665 CVE-2011-3458 CVE-2011-3459 CVE-2012-0658 CVE-2012-0659 CVE-2012-0666 CVE-2011-3460 CVE-2012-0667 CVE-2012-0661 CVE-2012-0668 CVE-2012-0669 CVE-2012-0670 CVE-2012-0671 CVE-2012-0265 CVE-2012-0660

$B"#(B 2012.05.15

$B"#(B PHP$B$N(Bescapeshellcmd$B$r=d$kKA81(B
($BFA4]9@$NF|5-(B, 2012.04.09)

$B!!(Bescapeshellcmd $B$N;HMQ$O!V%@%a!#%<%C%?%$!#!W(B

$B"#(B 2012.05.14

$B"#(B $BDI5-(B

Adobe Illustrator / Photoshop / Flash Professional / Shockwave Player $B%;%-%e%j%F%#>pJs(B

$B!!(BAdobe$B!"J$7$?LOMM!#(B

$B"#(B 2012.05.11

$B"#(B $BDI5-(B

Microsoft 2012 $BG/(B 5 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS12-035 $B=$@5%W%m%0%i%`$N$&$A(B KB2604044 $B$O(B Windows Update $B$d(B WSUS $B$G$OG[I[$5$l$F$$$J$$$=$&$@!#(B

$B!!(BWindows$B$d(BOffice$B$J$I$K4m81$J@H ($BF|7P(B IT Pro, 2012.05.10)

$B!!FC$KCm0U$,I,MW$J$N$O!"(BOutlook 2007$B$N%f!<%6! $B!!0-l9g!"(BOutlook 2007$B$O(BWord$B$r;H$C$F$=$N%a!<%k$r3+$3$&$H$9$k!#$3$N$?$a!"@H $B!!(BOutlook 2007$B$N%f!<%6!<$G$J$/$F$b!"%a!<%k$N%j!<%@!<$K(BWord$B$r@_Dj$7$F$$$k>l9g$K$O!"F1MM$N4m81@-$,$"$k!#(B

$B"#(B OpenSSL Security Advisory [10 May 2012] Invalid TLS/DTLS record attack (CVE-2012-2333)
(OpenSSL.org, 2012.05.10)

$B!!(BOpenSSL $B$K7g4Y!#(BTLS 1.1 / 1.2 $B$*$h$S(B DTLS $B$K$*$1$k(B CBC $B%b!<%I0E9f72$N=hM}$K7g4Y$,$"$j!"%/%i%$%"%s%H$*$h$S%5!<%P$KBP$7$F(B DoS $B967b$rCVE-2012-2333$B!#(B TLS 1.1 / 1.2 $B$K$D$$$F$O(B OpenSSL 1.0.1 $B$K$N$_1F6A!#(B

$B!!(BOpenSSL 1.0.1c / 1.0.0j / 0.9.8x $B$G=$@5$5$l$F$$$k!#(Biida $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B Opera 11.64 released
(Opera, 2012.05.10)

$B!!(BOpera 11.64 $BEP>l!#(B1 $B7o$N%;%-%e%j%F%#7g4Y$r=$@5!#(B Advisory: Certain URL constructs can allow arbitrary code execution Severity (Opera)

$B"#(B About the security content of Safari 5.1.7
(Apple, 2012.05.09)

$B!!(BSafari 5.1.7 $BEP>l!#(BWebKit $B$N%;%-%e%j%F%#7g4Y(B 4 $B7o$r=$@5!#(B $B$$$:$l$b(B Windows / Mac $B6&DL!#(B CVE-2011-3046 CVE-2011-3056 CVE-2012-0672 CVE-2012-0676

$B!!$*$^$15!G=$,$"$k$=$&$G(B:

Note: In addition, this update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.

$B!!(B10.1.102.64 $B$h$j$b8E$$(B Flash Player $B$OL58z2=$G$9$+!#(B

2012.05.16 $BDI5-(B:

$B!!$*$^$15!G=(B ($B8E$$(B Flash Player $B$NL58z2=(B) $B$@$1!"(BMac OS X 10.5 $B$K(B backport $B$5$l$^$7$?(B: About the security content of Leopard Security Update 2012-003 (Apple, 2012.05.14)

$B"#(B 2012.05.10

$B"#(B About the security content of OS X Lion v10.7.4 and Security Update 2012-002
(Apple, 2012.05.09)

$B!!(BMac OS X 10.7.4 $B$*$h$S!"(B10.6.8 $BMQ%;%-%e%F%#99?7(B 2012-002 $B8x3+!#(B36 $B7o$N7g4Y$,%;%-%e%j%F%#=$@5$5$l$F$$$k!#(B CVE-2011-0241 CVE-2011-1004 CVE-2011-1005 CVE-2011-1167 CVE-2011-1777 CVE-2011-1778 CVE-2011-1944 CVE-2011-2692 CVE-2011-2821 CVE-2011-2834 CVE-2011-2895 CVE-2011-3212 CVE-2011-3328 CVE-2011-3389 CVE-2011-3919 CVE-2011-4566 CVE-2011-4815 CVE-2011-4885 CVE-2012-0036 CVE-2012-0642 CVE-2012-0649 CVE-2012-0651 CVE-2012-0652 CVE-2012-0654 CVE-2012-0655 CVE-2012-0656 CVE-2012-0657 CVE-2012-0658 CVE-2012-0659 CVE-2012-0660 CVE-2012-0661 CVE-2012-0662 CVE-2012-0675 CVE-2012-0830 CVE-2012-0870 CVE-2012-1182

$B!!(BApple update to OS X Lion exposes encryption passwords (Sophos, 2012.05.06) $B$N7o(B (FileVault $B$N7o(B) $B$b=$@5$5$l$F$$$k!#(B

$B"#(B $BDI5-(B

CGI $BHG(B PHP $B$K=EBg$J7g4Y!"(Bremote $B$+$iG$0U$N%9%/%j%W%H$r

$B!!4XO"(B:

$B$$$m$$$m(B (2012.05.07)

$B!!(BApple update to OS X Lion exposes encryption passwords (Sophos, 2012.05.06) $B$N7o!"(B About the security content of OS X Lion v10.7.4 and Security Update 2012-002 (Apple, 2012.05.09) $B$G=$@5$5$l$^$7$?!#(B

Microsoft 2012 $BG/(B 5 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!!V%l%8%9%H%j$r$$$8$C$F%-!<%\!<%I%l%$%"%&%H$rJQ99$7$F$$$k$H(B KB2686509 (MS12-034) $B$NE,MQ$K<:GT$9$k!W$H$$$&;vNc$,$"$k$h$&$G$9!#(B

$B"#(B 2012.05.09

$B"#(B $B<+E>](B
($BFIGd(B, 2012.05.09)

$B!!:G6aHa;4$J;v8N$N%K%e!<%9$,B3$$$F$$$^$9$,!"$3$l$O<+E>

$B#2#0#1#1G/#67n$K3X@8$,<"2l8)Fb$G<+E>Cf$K;`K4;v8N$r5/$3$7$?$N$,$-$C$+$1(B ($BCfN,(B) $B;v8N$O!"F18)ApDE;TFb$N8)F;8r:9E@$G!"3X@8$,<+E>Cf$K?.9fL5;k$r$7!"2#CGJbF;$rEO$C$F$$$?

$B!!FIGd(B 2011.10.27 $B5-;v$G$O!X;~B.#2#5%-%m$GCf$K@V?.9f$N8r:9E@$K?JF~!Y!X

$B!!N)L?4[Bg$OA43X@8$NH>?t$K$"$?$kLs#1K|#6#0#0#0?M$,<+E> $B!!Bg3X$OGe=~3[$,#12/1_0J>e!JG/4VJ]81NA#1#0#0#01_A08e!K$NJ]81$r?d>)$7$F$$$k!#J]81$N7@Ls=q$r3X9;B&$KDs<($7$J$$$HEPO?%7!<%k$,$b$i$($:!"%7!<%k$N$J$$<+E>l$G7YHw0w$,3NG'$7!">h$jF~$l$J$$$h$&;XF3$9$k;EAH$_$@!#(B

$B!!(B$B!Z?7F~@8MQ![(B 2012 $BG/EY(B $B<+E> ($BN)L?4[Bg3X(B $B0a3^%-%c%s%Q%9;vL32](B) $B$K$h$k$H!"(B1 $B2/1_$,!VMW7o!W$N$h$&$G!#(B$BDL3X<+E> ($BD+F|(B, 2012.04.30) $B$K$h$k$H!"(B

$B!!3X@8$O$^$:!"8rDL%k!<%k$r3X$V0BA49V=,2q!JLs#1;~4V!K$rHL@!"80$,8N>c$7$F$$$J$$$+$r3NG'$G$-$?$i!"Bg3X$,EPO?%7!<%k$rH/9T$9$k!#J]81NA$OJd=~8BEY3[#12/1_$G#4G/4V#1#3#6#01_DxEY$@!##57n$^$G$K3X@8A40w$NEPO?$r40N;$5$;$kJ}?K!#(B

$B!!FIGd$N!VG/4VJ]81NA#1#0#0#01_A08e!W$H!"D+F|$N!V#4G/4V#1#3#6#01_DxEY!W$G$O!"$:$$$V$s0c$&$h$&$J5$$b$9$k$,!"$^$!$=$NDxEY$@$H!#(B

$B!!N)L?4[Bg$N

$B!!$J$k$[$I$J$"!#(B

$B!!4XO"(B: $B<+E> ($BF|K\8rDL4IM}5;=Q6(2q(B)$B!#%S%G%*!V(B$B$^$5$+$NL$Mh!A$^$5$+!"<+E>$B!W(B $B$b%j%s%/$5$l$F$$$k!#(B

$B"#(B Adobe Illustrator / Photoshop / Flash Professional / Shockwave Player $B%;%-%e%j%F%#>pJs(B
(Adobe, 2012.05.08)

$B!!(B4 $BH/F1;~$KMh$^$7$?!#Fb(B 3 $BH/$O(B CS6 $BGc$($H$$$&EBMM>&Gd$JFbMF!#(B

APSB12-10: Security Bulletin for Adobe Illustrator

$B!!(BWindows / Mac $BMQ(B Illustrator CS5.5 $B0JA0$K!"G$0U$N%3!<%I$N7$/(B 5 $B$D$N7g4Y!#(B CVE-2012-0780 CVE-2012-2023 CVE-2012-2024 CVE-2012-2025 CVE-2012-2026$B!#(BPriority Rating: 3

$B!!(BIllustrator CS6 $B$G$O=$@5$5$l$F$$$k!#(BAdobe $B$O(B CS5.5 $B0JA0MQ$N(B patch $B$r=P$9$D$b$j$O$J$$LOMM!#(B

For users who cannot upgrade to Adobe Illustrator CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.

$B$H=R$Y$F%*%o%j!#(B

APSB12-11: Security Bulletin for Adobe Photoshop

$B!!(BWindows / Mac $BMQ(B Photoshop CS5.5 $B0JA0$K!"G$0U$N%3!<%I$N7$/(B 2 $B$D$N7g4Y!#(B CVE-2012-2027 CVE-2012-2028$B!#(BPriority Rating: 3

$B!!(BPhotoshop CS6 $B$G$O=$@5$5$l$F$$$k!#(BIllustrator $B$HF1MM!"(BAdobe $B$O(B CS5.5 $B0JA0MQ$N(B patch $B$r=P$9$D$b$j$O$J$$LOMM!#(B

APSB12-12: Security Bulletin for Adobe Flash Professional

$B!!(BWindows / Mac $BMQ(B Flash Professional CS5.5 (11.5.1.349) $B0JA0$K!"G$0U$N%3!<%I$N7$/7g4Y!#(B CVE-2012-0778$B!#(BPriority Rating: 3

$B!!(BFlash Professional CS6 $B$G$O=$@5$5$l$F$$$k!#(BIllustrator / Photoshop $B$HF1MM!"(BAdobe $B$O(B CS5.5 $B0JA0MQ$N(B patch $B$r=P$9$D$b$j$O$J$$LOMM!#(B

APSB12-13: Security update available for Adobe Shockwave Player

$B!!(BWindows / Mac $BMQ(B Shockwave Player 11.6.4.634 $B0JA0$K!"G$0U$N%3!<%I$N7$/(B 5 $B$D$N7g4Y!#(BCVE-2012-2029 CVE-2012-2030 CVE-2012-2031 CVE-2012-2032 CVE-2012-2033$B!#(BPriority Rating: 2

$B!!(BShockwave Player 11.6.5.635 $B$G=$@5$5$l$F$$$k!#(B$B%@%&%s%m!<%I(B$B!#(B

$B!!F|K\8l>6Lu=P$F$^$7$?!#(B

2012.05.14 $BDI5-(B:

$B!!(BAdobe$B!"J$7$?LOMM!#(B

$B"#(B Microsoft 2012 $BG/(B 5 $B7n$N%;%-%e%j%F%#>pJs(B
(Microsoft, 2012.05.09)

$B!!M=Dj$I$*$j=P$^$7$?!#(B

MS12-029 - $B6[5^(B: Microsoft Word $B$N@H

$B!!(BWord 2003 / 2007$B!"(BOffice 2008 for Mac$B!"(BOffice for Mac 2011$B!"(BOffice $B8_495!G=%Q%C%/(B $B$K7g4Y!#(BRTF $B%U%!%$%k$N=hM}$K7g4Y$,$"$j!"%a%b%jGKB;$,H/@8!"96N,(B RTF $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2012-0183$B!#(B Exploitability Index: 1

$B!!(BWord 2010 $B$d(B Word Viewer $B$K$O$3$N7g4Y$O$J$$!#(B

MS12-030 - $B=EMW(B: Microsoft Office $B$N@H

$B!!(BExcel 2003 / 2007 / 2010$B!"(BOffice 2008 for Mac$B!"(BOffice for Mac 2011$B!"(BExcel Viewer$B!"(BOffice $B8_495!G=%Q%C%/$K(B 6 $B$D$N7g4Y!#(B

  • Excel $B%U%!%$%k7A<0$N%a%b%jGKB;$N@HCVE-2012-0141

    Office 2008 for Mac $B$K$O$3$N7g4Y$O$J$$!#(B Exploitability Index: 3

  • OBJECTLINK $B%l%3!<%I$N(B Excel $B%U%!%$%k7A<0$N%a%b%jGKB;$N@HCVE-2012-0142

    Office for Mac 2011 $B$K$O$3$N7g4Y$O$J$$!#(B Exploitability Index: 3

  • $B$5$^$6$^$JJQ99$5$l$?%P%$%H$r;HMQ$9$k$H$-$N(B Excel $B%a%b%jGKB;$N@HCVE-2012-0143

    Excel 2007 / 2010$B!"(BOffice for Mac 2011$B!"(BExcel Viewer$B!"(BOffice $B8_495!G=%Q%C%/$K$O$3$N7g4Y$O$J$$!#(B Exploitability Index: 1

  • Excel SXLI $B%l%3!<%I$N%a%b%jGKB;$N@HCVE-2012-01840

    Exploitability Index: 1

  • Excel MergeCells $B%l%3!<%I$N%R!<%W(B $B%*!<%P!<%U%m!<$N@HCVE-2012-0185

    Excel 2003$B!"(BOffice 2008 for Mac$B!"(BOffice for Mac 2011 $B$K$O$3$N7g4Y$O$J$$!#(B Exploitability Index: 2

  • Excel Series $B%l%3!<%I$NCVE-2012-1847

    Exploitability Index: 1

MS12-031 - $B=EMW(B: Microsoft Visio Viewer 2010 $B$N@H

$B!!(BVisio Viewer 2010 $B$K7g4Y!#(BVisio $B%U%!%$%k$N=hM}$K7g4Y$,$"$j!"96N,(B Visio $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2012-0018$B!#(BExploitability Index: 1

MS12-032 - $B=EMW(B: TCP/IP $B$N@H:3J$5$l$k(B (2688338)

$B!!(BWindows Vista / Server 2008 / 7 / Server 2008 R2 $B$K(B 2 $B$D$N7g4Y!#(B

  • Windows $B%U%!%$%"%&%)!<%k$N%P%$%Q%9$N@HCVE-2012-0174

    $B%V%m!<%I%-%c%9%H%Q%1%C%H$N=hM}$K7g4Y$,$"$j!"Aw?.%U%!%$%"%&%)!<%k$K$h$k5,B'$r2sHr$G$-$F$7$^$&!#(BExploitability Index: N/A

    $B4XO"(B: Windows Firewall Bypass Vulnerability and NetBIOS NS (SANS ISC, 2012.05.08)

  • TCP/IP $B$N%@%V%k(B $B%U%j!<$N@HCVE-2012-0179

    TCP/IP $B%9%?%C%/$K$*$1$k(B IPv6 $B%"%I%l%9$N%m!<%+%k%$%s%?!<%U%'%$%9$X$N%P%$%s%I=hM}$K7g4Y$,$"$j!"(Blocal user $B$K$h$k8"8B>e>:$,2DG=!#(B Windows Vista / Server 2008 $B$K$O$3$N7g4Y$O$J$$!#(B Exploitability Index: 1

MS12-033 - $B=EMW(B: Windows Partition Manager $B$N@H:3J$5$l$k(B (2690533)

$B!!(BWindows Vista / Server 2008 / 7 / Server 2008 R2 $B$K7g4Y!#(B Windows Partition Manager (partmgr.sys) $B$K7g4Y$,$"$j!"(Blocal user $B$K$h$k8"8B>e>:$,2DG=!#(BExploitability Index: 1

MS12-034 - $B6[5^(B: Microsoft Office$B!"(BWindows$B!"(B.NET Framework$B!"(BSilverlight $BMQ$N%;%-%e%j%F%#99?7%W%m%0%i%`$NAH$_9g$o$;(B (2681578)

$B!!(BWindows XP / Server 2003 / Vista / Server 2008 / 7 / Server 2008 R2$B!"(B .NET Framework 3.0 / 3.5.1 / 4$B!"(BOffice 2003 / 2007 / 2010$B!"(BSilverlight 4 / 5 $B$K(B 10 $B

  • TrueType $B%U%)%s%H$N2r@O$N@HCVE-2011-3402

    Exploitability Index: 1

  • TrueType $B%U%)%s%H$N2r@O$N@HCVE-2012-0159

    Exploitability Index: 1

  • .NET Framework $B$N%P%C%U%!!<3d$jEv$F$N@HCVE-2012-0162

    Exploitability Index: 1

  • .NET Framework $B$N%$%s%G%C%/%9Hf3S$N@HCVE-2012-0164

    Exploitability Index: N/A

  • GDI+ $B%l%3!<%I$NCVE-2012-0165

    Exploitability Index: 1

  • GDI+ $B%R!<%W(B $B%*!<%P!<%U%m!<$N@HCVE-2012-0167

    Exploitability Index: 1

  • Silverlight $B%@%V%k%U%j!<$N@HCVE-2012-0176

    Exploitability Index: 1

  • Windows $B$*$h$S%a%C%;!<%8$N@HCVE-2012-0180

    Exploitability Index: 1

  • $B%-!<%\!<%I(B $B%l%$%"%&%H(B $B%U%!%$%k$N@HCVE-2012-0181

    Exploitability Index: 1

  • $B%9%/%m!<%k(B $B%P!<$N7W;;J}K!$N@HCVE-2012-1848

    Exploitability Index: 1

$B!!4XO"(B: MS12-034: Duqu, ten CVE's, and removing keyboard layout file attack surface (Microsoft Security Research & Defense, 2012.05.08)

MS12-035 - $B6[5^(B: .NET Framework $B$N@H

$B!!(B.NET Framework 1.0 / 1.1 / 2.0 / 3.0 / 3.5 / 3.5.1 / 4 $B$K(B 2 $B$D$N7g4Y!#(B

  • .NET Framework $B$N%7%j%"%k2=$N@HCVE-2012-0160

    .NET Framework $BFb$N%7%j%"%k2==hM}$K7g4Y$,$"$j!"(Bremote $B$+$iG$0U$N%3!<%I$r

  • .NET Framework $B$N%7%j%"%k2=$N@HCVE-2012-0161

    .NET Framework $BFb$N%7%j%"%k2==hM}$K$*$1$kNc30$N=hM}$K7g4Y$,$"$j!"(Bremote $B$+$iG$0U$N%3!<%I$r

$B!!4XO"(B:

2012.05.10 $BDI5-(B:

$B!!!V%l%8%9%H%j$r$$$8$C$F%-!<%\!<%I%l%$%"%&%H$rJQ99$7$F$$$k$H(B KB2686509 (MS12-034) $B$NE,MQ$K<:GT$9$k!W$H$$$&;vNc$,$"$k$h$&$G$9!#(B

2012.05.11 $BDI5-(B:

$B!!(BMS12-035 $B=$@5%W%m%0%i%`$N$&$A(B KB2604044 $B$O(B Windows Update $B$d(B WSUS $B$G$OG[I[$5$l$F$$$J$$$=$&$@!#(B

$B!!(BWindows$B$d(BOffice$B$J$I$K4m81$J@H ($BF|7P(B IT Pro, 2012.05.10)

$B!!FC$KCm0U$,I,MW$J$N$O!"(BOutlook 2007$B$N%f!<%6! $B!!0-l9g!"(BOutlook 2007$B$O(BWord$B$r;H$C$F$=$N%a!<%k$r3+$3$&$H$9$k!#$3$N$?$a!"@H $B!!(BOutlook 2007$B$N%f!<%6!<$G$J$/$F$b!"%a!<%k$N%j!<%@!<$K(BWord$B$r@_Dj$7$F$$$k>l9g$K$O!"F1MM$N4m81@-$,$"$k!#(B

$B"#(B $BDI5-(B

CGI $BHG(B PHP $B$K=EBg$J7g4Y!"(Bremote $B$+$iG$0U$N%9%/%j%W%H$r

$B!!(BPHP 5.4.3 / 5.3.13 $B$,8x3+$5$l$^$7$?(B (PHP.net, 2012.05.08)$B!#(BCVE-2012-2311 $B$H(B CVE-2012-2329 $B$,=$@5$5$l$F$$$^$9!#(B $B4XO"(B:

$B"#(B Node.js - HTTP Server Security Vulnerability: Please upgrade to 0.6.17
(node blog, 2012.05.07)

$B!!(BNode.js $B$K7g4Y!"96N,%j%/%(%9%H$K$h$C$F(B remote $B$K5!Hy>pJs$,O31L$9$k!#(B 0.6.17 / 0.7.8 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B 2012.05.08

$B"#(B $BDI5-(B

$B%*%i%/%k!"?<9o$J@H

$B!!4XO"(B:

$B"#(B About the security content of iOS 5.1.1 Software Update
(Apple, 2012.05.07)

$B!!(BiOS 5.1.1 $BEP>l!#(B4 $B7o$N%;%-%e%j%F%#7g4Y$,=$@5$5$l$F$$$k!#(B CVE-2012-0674 CVE-2011-3046 CVE-2011-3056 CVE-2012-0672

$B"#(B 2012.05.07

$B"#(B $B$$$m$$$m(B (2012.05.07)
(various)

2012.05.10 $BDI5-(B:

$B!!(BApple update to OS X Lion exposes encryption passwords (Sophos, 2012.05.06) $B$N7o!"(B About the security content of OS X Lion v10.7.4 and Security Update 2012-002 (Apple, 2012.05.09) $B$G=$@5$5$l$^$7$?!#(B

$B"#(B 2012 $BG/(B 5 $B7n(B 9 $BF|$N%;%-%e%j%F%#(B $B%j%j!<%9M=Dj(B ($B7nNc(B)
($BF|K\$N%;%-%e%j%F%#%A!<%`(B, 2012.05.04)

$B!!6[5^(B x 3$B!"=EMW(B x 4$B!#(BOffice $B$"$j!"(B.NET Framework $B$"$j!#(B

$B"#(B APSB12-09: Security update available for Adobe Flash Player
(Adobe, 2012.05.04)

$B!!(BFlash Player 11.2.202.235 for Windows / Mac / Linux, 11.1.115.8 for Android 4.x, 11.1.111.9 for Android 3.x / 2.x $BEP>l!#(B0-day $B7g4Y(B CVE-2012-0779 $B$,=$@5$5$l$F$$$k!#(B 0-day $B$N>\:Y$K$D$$$F$O!"(B Adobe Flash Player $B$N@H ($B%7%^%s%F%C%/(B, 2012.05.07) $B$r;2>H!#(B

$B$9$G$K(B 1 $B=54V0J>e$b3hF0$,B3$$$F$$$^$9!#(B($BCfN,(B) $B$3$l$^$G$N$H$3$m!"73<{;:6H$KMxMQ$5$l$k@=IJ$N%a!<%+!<4V$GJ#?t$NI8E*$,3NG'$5$l$F$$$^$9$,!"$3$l$O:#8e?tF|$N$&$A$KJQ$o$k$b$N$H9M$($i$l$^$9!#(B

$B!!(BIlion $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#4XO"(B:

$B"#(B CGI $BHG(B PHP $B$K=EBg$J7g4Y!"(Bremote $B$+$iG$0U$N%9%/%j%W%H$r
(various)

$B!!(BPHP $B$r(B CGI $B$GF0:n$5$;$F$$$k>l9g(B ($BAG$N(B CGI$B!"$"$k$$$O(B mod_cgid $B7PM3$N>l9g(B) $B$K7g4Y!#(Bremote $B$+$iG$0U$N%9%/%j%W%H$rl9g$K$O!"$3$N7g4Y$N1F6A$rCVE-2012-1823 CVE-2012-2311$B!#(B $B4{$K(B Metasploit $B%b%8%e!<%k$,Ds6!(B$B$5$l$F$$$k!#(B

$B!!(BPHP 5.3.12 / 5.4.2 $B$G=$@5$5$l$?$O$:$@$C$?$N$@$,!"l9g$K$O!"2?$i$+$NBP1~$,I,MW!#4XO"(B:

2012.05.09 $BDI5-(B:

$B!!(BPHP 5.4.3 / 5.3.13 $B$,8x3+$5$l$^$7$?(B (PHP.net, 2012.05.08)$B!#(BCVE-2012-2311 $B$H(B CVE-2012-2329 $B$,=$@5$5$l$F$$$^$9!#(B $B4XO"(B:

2012.05.10 $BDI5-(B:

$B!!4XO"(B:

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2012.05.02)

  • ShowIP $B$N7o!"(BMozilla $B$N(B ShowIP add-on $B%Z!<%8$+$i%@%&%s%m!<%I$5$l$k$b$N$O(B 1.0 $B$KLa$5$l$?!#(BShibuya, Nobuhiro @nsh1960 $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#%P!<%8%g%s(B 1.5 $B$G$OEv3:%5%$%H$X$NDL?.$,(B SSL $B2=$5$l$?$h$&$@$,!"(B ShowIP add-on $B%Z!<%8$+$i%@%&%s%m!<%I$5$l$k$b$N$O(B 1.0 $B$N$^$^$N$h$&$@!#(B

    ++ Note for 1.5: Security updates where done like and https was added.

    ++ Note for people with 1.4 and later installed: The Plugin gets data like ISP and Country from an external API. If you are not interested in that information you can deactivate it in the settings! It is recommended until an https update and some other changes are done.

    ++ The version you can download here is 1.0 which is an old one without getting and/or showing the webserver$B!-(Bs ISP and country.

  • Skype $B$N7o!"Skype knew about IP address security flaw since November 2010 (Sophos, 2012.05.03)

$B"#(B 2012.05.04

$B"#(B 2012.05.02

$B"#(B $B$$$m$$$m(B (2012.05.02)
(various)

2012.05.07 $BDI5-(B:

  • ShowIP $B$N7o!"(BMozilla $B$N(B ShowIP add-on $B%Z!<%8$+$i%@%&%s%m!<%I$5$l$k$b$N$O(B 1.0 $B$KLa$5$l$?!#(BShibuya, Nobuhiro @nsh1960 $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#%P!<%8%g%s(B 1.5 $B$G$OEv3:%5%$%H$X$NDL?.$,(B SSL $B2=$5$l$?$h$&$@$,!"(B ShowIP add-on $B%Z!<%8$+$i%@%&%s%m!<%I$5$l$k$b$N$O(B 1.0 $B$N$^$^$N$h$&$@!#(B

    ++ Note for 1.5: Security updates where done like and https was added.

    ++ Note for people with 1.4 and later installed: The Plugin gets data like ISP and Country from an external API. If you are not interested in that information you can deactivate it in the settings! It is recommended until an https update and some other changes are done.

    ++ The version you can download here is 1.0 which is an old one without getting and/or showing the webserver$B!-(Bs ISP and country.

  • Skype $B$N7o!"Skype knew about IP address security flaw since November 2010 (Sophos, 2012.05.03)

$B"#(B 2012.05.01

$B"#(B Chrome Stable Channel Update
(Google Chrome Release Blog, 2012.04.30)

$B!!(BChrome 18.0.1025.168 $BEP>l!#(B5 $B7o$N%;%-%e%j%F%#7g4Y$,=$@5$5$l$F$$$k!#(B

$B"#(B CVE-2012-2111: Samba - Incorrect permission checks when granting/removing privileges can compromise file server security
(Samba.org, 2012.04.30)

$B!!(BSamba 3.4.x $B!A(B 3.6.x $B$K7g4Y!#(BLocal Security Authority (LSA) $B%j%b!<%H%W%m%7!<%8%c%3!<%k(B (RPC) CreateAccount, OpenAccount, AddAccountRights, RemoveAccountRights $B$K$*$1$k%;%-%e%j%F%#%A%'%C%/$K7g4Y$,$"$j!"G'>Z:Q$_%f!<%6$,8"8B%G!<%?%Y!<%9(B (account_policy.tdb) $B$r2~JQ$G$-$k!#(BCVE-2012-2111

$B!!(BSamba 3.6.5 / 3.5.15 / 3.4.17 $B$G=$@5$5$l$F$$$k!#$^$?(B smb.conf $B$N(B [global] $B%;%/%7%g%s$K(B enable privileges = no $B%Q%i%a!<%?$rDI2C$9$k$3$H$G2sHr$G$-$k!#ITE,@Z$K5v2D$5$l$?8"8B$r:o=|$9$k$K$O!"(Baccount_policy.tdb $B%U%!%$%k$r:o=|$7!"BP1~%P!<%8%g%s$K99?7$7$?8e$K!"(Bnet rpc rights $B%3%^%s%I$r;H$C$F:F@_Dj$9$k!#(B

$B"#(B $BDI5-(B

$B%*%i%/%k!"?<9o$J@H

$B!!(BOSX.Flashback.K $B$NGX8e$K$"$k6bA,E*$JF05!(B ($B%7%^%s%F%C%/(B, 2012.05.01)$B!#9-9pNA$r2T$0!#(B

$B9-9p%/%j%C%/7?$N%H%m%$$NLZGO$OL\?7$7$$$b$N$G$O$J$/!"(B$B:rG/$N(B 8 $B7n$K9T$C$?(B W32.Xpaj.B $B$N2r@O(B$B$G$b!"(B25,000 $B7o$N46@w$,4QB,$5$l$?CO0h$N%\%C%H%M%C%H$+$i(B 1 $BF|Ev$?$j:GBg(B 450 $B%I%k$N<}1W$,$"$C$?$b$N$H9M$($i$l$F$$$^$9!#(BFlashback Trojan $B$N>l9g$O5,LO$,?t(B 10 $BK|7o$KC#$7$F$$$k$3$H$+$i!"$3$N?t;z$O(B 1 $BF|Ev$?$jM%$K(B 10,000 $B%I%k0J>e$K5Z$V$G$7$g$&!#(B

$BuBV$KJ]$D$3$H$,=EMW$G$9!#(B

Oracle April 2012 Critical Patch Update Released

$B!!(Bunpatched $B$N7o!"%*%U%#%7%c%k>pJs=P$^$7$?!#(B

OpenSSL Security Advisory [19 Apr 2012] ASN1 BIO vulnerability (CVE-2012-2110)

$B!!(BOpenSSL 1.0.1a $B$OHs(B x86 / x86_64 $B4D6-$G$O$&$^$/%3%s%Q%$%k$G$-$J$$$J$I$N(B$BLdBj(B$B$,$"$C$?$=$&$G!"(B $B$3$l$r=$@5$7$?(B OpenSSL 1.0.1b $B$,(B$B8x3+(B$B$5$l$F$$$^$9!#(B iida $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B $B$$$m$$$m(B (2012.05.01)
(various)

$B2a5n$N5-;v(B: 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998

[$B%;%-%e%j%F%#%[!<%k(B memo]
[$B;d$K$D$$$F(B]