Symantec, Microsoft, iD - The BugBlog Report, 5/29/06

Here are some of the most significant bugs from the past week in the BugBlog:

Symantec says their enterprise line of anti-virus software, Symantec Client Security 3.1 and Symantec Antivirus Corporate Edition 10.1, are vulnerable to a stack overflow that may allow both local and remote attackers to run their code on the target computers. Symantec has updated virus signatures to check for attacks that may exploit this. See Symantec's security page for news on updates. Symantec credits eEye Digital Security for finding this bug, which does not affect the consumer-level Norton AntiVirus products.

Microsoft has issued their own security advisory about the zero-day exploit affecting Microsoft Word. This attack is spread via a malicious email attachment that must be opened by the recipient. They say that this bug only affects Word 2002 and Word 2003. As a workaround, Microsoft says to operate Word in Safe Mode, and do not use it as the default editor in Outlook. See how to do that at Microsoft's website. eEye Digital Security issued their own bulletin. Their testing shows that Word 2000 is also affected. There may also be multiple variations of this attack circulating.

If you are playing iD Software Doom 3 at a 2560 by 1600 resolution on a Windows XP computer with an ATI Radeon graphics card, you may see green circles around the energy projectiles of demons. (That, of course, upsets the aesthetics of the game.) ATI says they have fixed this in their Catalyst Software Suite 6.4 driver update.

Article Author: Bruce Kratofil

Bruce Kratofil blogs on bugs and other things that can go wrong with your computer at The BugBlog, and writes about computers and economics at BJK Research

Visit Bruce Kratofil's author page — Bruce Kratofil's Blog