Second Life, Microsoft, and Adobe: The BugBlog Report 11/21/06

Here are some of the most significant bugs from the past week in the BugBlog:

The virtual world Second Life was attacked by a worm that created shiny gold rings that showed up on the imaginary landscape. If the Second Life users' avatars touched the rings, they would replicate. Enough people did, and the Second Life servers bogged down until they were cleaned up by system administrators. Read about it at Slashdot at or at the Second Life blog. No word on whether this worm is being called Snow Crash. (I've never been to Second Life, myself — my First Life is challenging enough.)

Microsoft says that their Microsoft Agent software technology has a critical bug that may allow a hostile website to completely control your computer. To fall victim, you would need to visit a website that links to a malicious .ACF file. This is a Critical bug for Windows 2000 and Windows XP, and a Moderate bug for Windows Server 2003. There is information on a temporary workaround, plus links to a permanent fix. If you really aren't that familiar with Microsoft Agent (I wasn't) you can learn about it at Microsoft's website.

Adobe has an updated Flash Player 9.0.28.0 that patches a security bug that affects Flash Player 7.x, 8.x, and 9.x. The bug lets remote attackers modify HTTP headers which could then lead to HTTP Request Splitting attacks. Users of Flash Player 7-9 should get the latest player. Note that Microsoft also issued a security bulletin on the same day about Flash Player — but this bulletin was about a bug in Flash Player 6, a bug fixed by Adobe two months earlier.

Article Author: Bruce Kratofil

Bruce Kratofil blogs on bugs and other things that can go wrong with your computer at The BugBlog, and writes about computers and economics at BJK Research

Visit Bruce Kratofil's author page — Bruce Kratofil's Blog