JPCERT-WR-2006-4002
JPCERT/CC
2006-10-18
<<< JPCERT/CC REPORT 2006-10-18 >>>
-----------------------------------------------------------------------------
■ Security-related information for 10/08 (Sun) to 10/14 (Sat)
-----------------------------------------------------------------------------
== Contents ==
[...] escalation vulnerability [...] authentication bypass vulnerability [...]
* For the criteria used to select the security-related information introduced here, see the following page.
http://www.jpcert.or.jp/wr/
* The HTML and XML versions are available at the following pages.
http://www.jpcert.or.jp/wr/2006/wr064002.html
http://www.jpcert.or.jp/wr/2006/wr064002.xml
=============================================================================
[1] Multiple vulnerabilities in Microsoft Windows, Office, Internet Explorer
Information sources
US-CERT Technical Cyber Security Alert TA06-283A
Microsoft Updates for Vulnerabilities in Windows, Office, and Internet Explorer
http://www.us-cert.gov/cas/techalerts/TA06-283A.html
US-CERT Cyber Security Alert SA06-283A
Microsoft Updates for Vulnerabilities in Windows, Office, and Internet Explorer
http://www.us-cert.gov/cas/alerts/SA06-283A.html
US-CERT Vulnerability Note VU#187028
Microsoft PowerPoint fails to properly handle malformed object pointers
http://www.kb.cert.org/vuls/id/187028
US-CERT Vulnerability Note VU#938196
Microsoft PowerPoint fails to properly handle malformed data records
http://www.kb.cert.org/vuls/id/938196
US-CERT Vulnerability Note VU#205948
Microsoft PowerPoint malformed record memory corruption
http://www.kb.cert.org/vuls/id/205948
US-CERT Vulnerability Note VU#706668
Microsoft Excel fails to properly process malformed DATETIME records
http://www.kb.cert.org/vuls/id/706668
US-CERT Vulnerability Note VU#143292
Microsoft Excel fails to properly process malformed STYLE records
http://www.kb.cert.org/vuls/id/143292
US-CERT Vulnerability Note VU#703936
Microsoft Object Packager fails to properly display file types
http://www.kb.cert.org/vuls/id/703936
US-CERT Vulnerability Note VU#252500
Microsoft Excel fails to properly process malformed COLINFO records
http://www.kb.cert.org/vuls/id/252500
US-CERT Vulnerability Note VU#821772
Microsoft Excel fails to properly handle Lotus 1-2-3 files
http://www.kb.cert.org/vuls/id/821772
US-CERT Vulnerability Note VU#455604
Microsoft .NET Framework contains a cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/455604
US-CERT Vulnerability Note VU#547212
Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations
http://www.kb.cert.org/vuls/id/547212
US-CERT Vulnerability Note VU#820628
Microsoft Server Service fails to properly handle network messages
http://www.kb.cert.org/vuls/id/820628
US-CERT Vulnerability Note VU#534276
Microsoft Office fails to properly parse malformed chart records
http://www.kb.cert.org/vuls/id/534276
US-CERT Vulnerability Note VU#176556
Microsoft Office fails to properly parse malformed records
http://www.kb.cert.org/vuls/id/176556
US-CERT Vulnerability Note VU#234900
Microsoft Office fails to properly parse malformed strings
http://www.kb.cert.org/vuls/id/234900
US-CERT Vulnerability Note VU#807780
Microsoft Office fails to properly parse malformed Smart Tags
http://www.kb.cert.org/vuls/id/807780
US-CERT Vulnerability Note VU#921300
Microsoft Word vulnerable to remote code execution
http://www.kb.cert.org/vuls/id/921300
US-CERT Vulnerability Note VU#562788
Microsoft XML Core Services contain a buffer overflow in the XSLT component
http://www.kb.cert.org/vuls/id/562788
US-CERT Vulnerability Note VU#806548
Microsoft Word 2000 malformed record vulnerability
http://www.kb.cert.org/vuls/id/806548
CIAC Bulletin R-007
Vulnerability in Windows Explorer
http://www.ciac.org/ciac/bulletins/r-007.shtml
CIAC Bulletin R-008
Vulnerabilities in Microsoft PowerPoint
http://www.ciac.org/ciac/bulletins/r-008.shtml
CIAC Bulletin R-009
Vulnerabilities in Microsoft Excel
http://www.ciac.org/ciac/bulletins/r-009.shtml
CIAC Bulletin R-010
Vulnerabilities in Microsoft Word
http://www.ciac.org/ciac/bulletins/r-010.shtml
CIAC Bulletin R-011
Vulnerabilities in Microsoft XML Core Services
http://www.ciac.org/ciac/bulletins/r-011.shtml
CIAC Bulletin R-012
Vulnerabilities in Microsoft Office
http://www.ciac.org/ciac/bulletins/r-012.shtml
CIAC Bulletin R-013
Vulnerability in ASP.NET 2.0
http://www.ciac.org/ciac/bulletins/r-013.shtml
CIAC Bulletin R-014
Vulnerability in Windows Object Packager
http://www.ciac.org/ciac/bulletins/r-014.shtml
Summary
Microsoft Windows, Office, and Internet Explorer contain multiple vulnerabilities [...] For details, refer to the information provided by the vendor.
Related documents (Japanese)
JP Vendor Status Notes JVNTA06-283A
Vulnerabilities in Microsoft Windows, Office, Internet Explorer [...]
Alert regarding [...] information (including 6 rated critical)
http://www.jpcert.or.jp/at/2006/at060017.txt
Security bulletins for October 2006
http://www.microsoft.com/japan/technet/security/bulletin/ms06-oct.mspx
Microsoft Security Bulletin
Vulnerability in ASP.NET 2.0 [...] information disclosure occurs (922770) (MS06-056)
http://www.microsoft.com/japan/technet/security/bulletin/ms06-056.mspx
Microsoft Security Bulletin
Vulnerability in Windows Explorer [...]
Vulnerability in Microsoft PowerPoint [...]
Vulnerability in Microsoft Excel [...]
Vulnerability in Microsoft Word [...]
Vulnerability in Microsoft XML Core Services [...]
Vulnerability in Microsoft Office [...]
Vulnerability in the Server service [...]
Vulnerability in TCP/IP IPv6 [...]
Vulnerability in Windows Object Packager [...]
[...] Information-technology Promotion Agency, Security Center
Vulnerability in the Windows Server service [...]
Information sources
US-CERT Vulnerability Note VU#788860
Trend Micro OfficeScan Management Console ActiveX control format string vulnerability
http://www.kb.cert.org/vuls/id/788860
CIAC Bulletin R-017
TrendMicro OfficeScan
http://www.ciac.org/ciac/bulletins/r-017.shtml
Summary
Trendmicro OfficeScan Corporate Edition contains a vulnerability caused by its handling of format strings [...] The affected versions are as follows.
- Trendmicro OfficeScan Corporate Edition 7.3
This issue is resolved by applying the patch provided by Trendmicro.
Related documents (English)
OfficeScan Corporate Edition(TM) version 7.3 Patch 1 - build 1146
http://www.trendmicro.com/ftp/documentation/readme/osce_73_win_en_patch1_readme.txt
Layered Defense Security Advisories
Layered Defense Research Advisory 1 October 2006
http://www.layereddefense.com/TREND01OCT.html
[3] Privilege escalation vulnerability in Adobe ColdFusion MX 7
Information sources
CIAC Bulletin R-015
Patch available for ColdFusion MX 7
http://www.ciac.org/ciac/bulletins/r-015.shtml
Summary
Adobe ColdFusion MX 7 contains a privilege escalation vulnerability [...] The affected versions are as follows.
- ColdFusion MX 7
- ColdFusion MX 7.0.1
- ColdFusion MX 7.0.2
This issue is resolved by updating ColdFusion MX 7 with the updater provided by the vendor.
Related documents (English)
Adobe Security bulletin
Patch available for ColdFusion MX 7 local privilege escalation
http://www.adobe.com/support/security/bulletins/apsb06-17.html
[4] Multiple vulnerabilities in X Window System
Information sources
CIAC Bulletin R-005
xfree86 Several Vulnerabilities
http://www.ciac.org/ciac/bulletins/r-005.shtml
Summary
X Window System [...]
Information sources
CIAC Bulletin R-016
HP Version Control Agent
http://www.ciac.org/ciac/bulletins/r-016.shtml
Summary
HP Version Control Agent contains a vulnerability [...] The affected versions are as follows.
- HP Version Control Agent versions earlier than 2.1.5 running on Linux and Windows
This issue is resolved by applying the patch provided by the vendor.
Related documents (English)
SUPPORT COMMUNICATION - SECURITY BULLETIN c00786136
HPSBMA02158 SSRT061251 rev.1 - HP Version Control Agent, Remote Unauthorized Access and Possible Elevation of Privilege (registration required)
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00786136
[6] Authentication bypass vulnerability in Kmail CGI
Information sources
JP Vendor Status Notes JVN#41241092
Authentication bypass vulnerability in Kmail CGI [...]
[...] a vulnerability that allows authentication to be bypassed [...] authentication is bypassed, and user [...] The affected versions are as follows.
- Version 1.0.3 and earlier
This issue is resolved by updating Kmail CGI to the latest version provided by the vendor or distributor of the OS in use.
Related documents (Japanese)
Information-technology Promotion Agency, Security Center
JVN#41241092 Authentication bypass vulnerability in "Kmail CGI" [...]
Information sources
JPCERT/CC
[...] vulnerability [...]
In conventional programming education, how to code basic algorithms [...] is causing [...].
This seminar [...] is intended for [...].
For details, see http://www.jpcert.or.jp/seminar.html
Note that applications for the early-bird discount are accepted until October 26 (Thu).
[...] are asked to apply early.
[Instructor] Robert C. Seacord
[Intended audience] [...] price 50,000 yen (tax included)
* Lunch is not included
[How to apply] Please apply via the ASCII Business online site
http://ascii-business.com/abiz/jpcert/form.html
-----------------------------------------------------------------------------
■ This week's quick memo
-----------------------------------------------------------------------------
○ On the limits of CSIRT activities
The content and scope of a CSIRT's (Computer Security Incident Response Team) activities differ from team to team, depending not only on its constituency (the parties it serves) but also on the CSIRT's purpose, the organization it belongs to, the legal restrictions of the country it belongs to, and so on; in some cases [...] it may be unable to respond even when [...].
As part of incident response, the parties to the incident [...]
[...] regarding the specific content itself of the information [...] in some cases. Back issues are also available at the following URL.
http://www.jpcert.or.jp/wr/
◆ To subscribe to or unsubscribe from this mailing list, or to change your registered e-mail address, see the following URL.
http://www.jpcert.or.jp/announce.html
◆ For how to report security incidents to JPCERT/CC, see the following URL.
http://www.jpcert.or.jp/form/
End.
__________
2006 (C) JPCERT/CC