T H E   B E S T   S E C U R I T Y  -  R E L A T E D   S I T E

VISIT   WWW.SOFTWARE-PC1.NAROD.RU

18th      October     2003

Enjoy the new design of the site and the latest reviews: Athlon64 testing, Pirates of the Caribbean review, Athlon XP2200+ bechmarking and overclocking.

The new version of K-Lite Codec Pack has just been released.

K-Lite Codec Pack is a package of all the required encoders/decoders that may be needed for playing DivX and XviD format files. It is provided in two packs: basic and full. The following codecs are included in the full pack:

BSplayer v.0.86.501
DivX Pro Decoding v.5.1
DivX Pro Encoding v.5.1
DivX ;) MPEG-4 Low and Fast motion v.4.1.0.3927
XviD Decoding Koepi's build 24/06/2003 and 04/10/2002
XviD Encoding Koepi's build 24/06/2003
3ivX v.4.0.4
Windows Media v.7.1.0.3055
Windows Media v.8.0.0.371
Windows Media VCM v.9.0.1.369
Cyberlink DVD decoder v.5.0.0.803
Ligos MPEG-2 decoder v.4.0.77
Elecard MPEG-2 decoder v.2.0.0.2525
huffyuv v.2.1.1
Ligos Indeo XP v.5.2820.15.58
Intel Indeo v.4.51.16.2
Intel Indeo v.3.24.15.03
Intel I.263 v.2.55.1.16 (for NT systems only)
WMA DirectShow decoder v.8.0.0.4487
AC3 DirectShow decoder v.0.70b
Fraunhofer IIS MPEG Layer-3 DirectShow decoder v.1.9.0.311
Fraunhofer IIS MPEG Layer-3 ACM Codec v.1.2.0.63
LAME MP3 ACM Codec v.3.93.1
Ogg Vorbis DirectShow splitter v.0.9.9.6
Ogg Vorbis DirectShow decoder (CoreVorbis) v.1.0b5
AAC DirectShow decoder (CoreAAC) v.1.0b7
MusePack DirectShow decoder v.1.0.0.2
Matrix Mixer v.0.30b
Morgan Multimedia Stream Switcher v.0.9.7
DirectVobSub (vsfilter) v.2.29
Matroska DirectShow splitter v.1.0.1.8
DivX Anti-Freeze v.0.4
FourCC Code Changer
GSpot Codec Information Appliance v.2.21 build 03071

Download the full version:

K-Lite Codec Pack v2.10 Final (6.8 MB, Windows 98/Me/2000/XP)

The new version of QuickTime 6 has been released recently.

QuickTime is one of the most powerful multimedia players in the Internet that can be used to view MPEG-4, AAC and Instant-On formatted files. The player supports many more additional formats including QuickTime format, MPEG-4, various popular audio formats, different Internet Animations and images, including Flash, digital graphics, streaming media, bass and treble controls, balance control, enhanced interface.

The list of changes in the new version is not reported.

QuickTime v6.4 (11 MB, Shareware, Windows 98/Me/2000/XP)

Software solution for QuickTime 6 remains the same. www.software-pc1.narod.ru .

BadCopy Pro is a leading data recovery tool for floppy disk, CD-ROM, CD-R/W, Digital Media, ZIP Disk and other storage media. It can effectively recover and rescue corrupted or lost data from damaged, unreadable or defective disks. Various damage situations and all file types are supported.

BadCopy Pro v3.72 (860 Kb, Shareware, Windows 98/Me/2000/XP)

Software solution is available ! www.software-pc1.narod.ru

The new version of FreshDiagnose has been released.

Fresh Diagnose is a set of powerful tools aimed for checking the performance of your system. This utility allows to check separate components such as HDD, CPU, Video...The utility also provides the hardware and software information about your system as well as benchmarking tools.

Program's multimedia support has been improved in this new version.

FreshDiagnose v6.40 (1.2 MB, Windows 98/Me/2000/XP)

The program can be registered on the official site absolutely FREE ! If you do not want to spend your time registering it, you can use the following registration information (ABSOLUTELY LEGAL !!!):

 User name: Peter Levchenko
Registration code: 6XCPA-D929-WS2A-2YAZ

Microsoft has issued 5 new bulletins concerning security vulnerabilities in Windows operating systems.

Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)

A vulnerability exists because the ListBox control and the ComboBox control both call a function, which is located in the User32.dll file, that contains a buffer overrun. The function does not correctly validate the parameters that are sent from a specially-crafted Windows message. A security vulnerability exists because the function that provides the list of accessibility options to the user does not correctly validate Windows messages that are sent to it. This vulnerability could be exploited by an attacker for gaining an access to the vulnerable machine.

Microsoft Security Bulletin MS03-045

Use WindowsUpdate service to download this update.

Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)

A security vulnerability exists in the Help and Support Center function which ships with Windows XP and Windows Server 2003. The affected code is also included in all other supported Windows operating systems, although no known attack vector has been identified at this time because the HCP protocol is not supported on those platforms. The vulnerability results because a file associated with the HCP protocol contains an unchecked buffer. This vulnerability could be exploited by an attacker for gaining an access to the vulnerable machine.

Microsoft Security Bulletin MS03-044

For Windows XP, Gold and Service Pack 1 (298 Kb)

All download links for other Windows operating systems for this patch are available from the security bulletin issued by Microsoft.

For Windows XP, Gold and Service Pack 1 (356 Kb)

All download links for other Windows operating systems for this patch are available from the security bulletin issued by Microsoft.

Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)

A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user�s system. Because this control is marked "safe for scripting", an attacker could exploit this vulnerability by convincing a user to view a specially crafted HTML page that references this ActiveX control. Only Windows 2000 is affected by this patch.

Microsoft Security Bulletin MS03-042

Download links for it can be found in the security bulletin.

Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)

For Windows XP, Gold and Service Pack 1 (423 Kb)

All download links for other Windows operating systems for this patch are available from the security bulletin issued by Microsoft.

CuteFTP Pro is a powerful and quite easy-to-use FTP-Server Client that provides a wide range of functional opportunities as well as flexible options for working with files and FTP Servers. The program can restore broken downloads, supports comfortable tabs for FTP sites, allows works with file groups, scripts and user commands.

Features and Improvements in version 3.3:

Uninstall and file storage location (XP logo related)
Progress bar misreporting
Offline browse caused SM to stay open in classic mode
Folder monitor, Site Backup, SSH2 Cert Wizard tool not functional
Synchronization problem with *nix style listings fixed (ignore seconds in timestamp when synchronizing with *nix hosts)
 

CuteFTP Pro v3.31 Build 9.29.1 (4,8 MB, Shareware, Windows 98/Me/2000/XP)

The software solution is ready. www.software-pc1.narod.ru .

The new version of Tweak XP Pro has been released.

Tweak XP Pro is powerful system tweaker and optimizer (more than 42 different utilities) destined to tweak hundreds of hidden options, features etc. of Windows XP Operating System. Using it's functional textured interface and well-organized help and support system of hints and tips you can easily set up your operating system in any way you want.

There are some major changes in the new version.

Tweak-XP Pro v3.0 (4.2 MB, Shareware, Windows XP)

The new software solution is already available. www.software-pc1.narod.ru.

The new, sixth version of ACDSee has been released. Simultaneously, other ACD products, FotoCanvas and FotoSlate, were updated to version 3.0.

ACDSee 6.0 is a very powerful, easy-to-use and popular archives and digital photos viewer and organizer. It supports all the popular image and archive formats as well as provides tools and services for viewing them comfortably. It also makes it easy to import and share files of supported format.

ACD FotoCanvas 3.0 photo editor includes your essential editing and correction tools.
ACD FotoSlate makes high-quality prints for framing, calendars, contact sheets and more, from pre-made layouts.

Direct links to trial versions are given below:

ACDSee 6.0 PowerPack, also includes FotoCanvas and FotoSlate (12 MB, Shareware, English, Windows 98/Me/2000/XP)
ACDSee 6.0 Standard (9.67 MB, Shareware, English, Windows 98/Me/2000/XP)

You could find links to all other products of ACD Systems here.

Software solution is ready ! www.software-pc1.narod.ru .

October 2003, Cumulative Patch for Internet Explorer (828750) 

This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates the following newly discovered vulnerabilities:

A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server in a popup window. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML�based e-mail that would attempt to exploit this vulnerability.

A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server during XML data binding. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML�based e-mail that would attempt to exploit this vulnerability.

In addition, a change has been made to the method by which Internet Explorer handles Dynamic HTML (DHTML) Behaviors in the Internet Explorer Restricted Zone. It could be possible for an attacker exploiting a separate vulnerability (such as one of the two vulnerabilities discussed above) to cause Internet Explorer to run script code in the security context of the Internet Zone. In addition, an attacker could use Windows Media Player�s (WMP) ability to open URLs to construct an attack. An attacker could also craft an HTML-based e-mail that could attempt to exploit this behavior.

To exploit these flaws, the attacker would have to create a specially formed HTML�based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit these vulnerabilities.

Microsoft Security Bulletin MS03-040

Download an update to fix this problem (download locations for other versions of Internet Explorer are available here).

  October 2003 Cumulative Patch 828750  (2 MB, Internet Explorer 6 SP1 All Windows OSs)

Security Update for Microsoft Windows operating systems

04/10/2003

Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)

Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.

There are three newly identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation� two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.

An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. To exploit these vulnerabilities, an attacker could create a program to send a malformed RPC message to a vulnerable system targeting the RPCSS Service.

Microsoft Security Bulletin MS03-039

Download an update to fix this problem. (Download links for other OSs are available from the Security Bulletin)

824146 Security Update (1.5 MB, Windows XP)

Security Update for Windows Media Player

04/10/2003

 Windows Media Player Security Update (828026)

A security issue has been identified that could allow an attacker to execute commands on a computer running Windows Media Player. You can help protect your computer by installing this update from Microsoft.

The update can be downloaded by using an online service provided by Microsoft, WindowsUpdate. Size: 2.8 MB.

---

Missed something important ??? Get missed news here :

...<<    -- 2nd, October, 2003     ...             HERE    ! ! !

 

If you missed some earlier news, get to the full

NEWS ARCHIVE

 

 

Editorials

You can place banners of my site on your own site !!! Get one below:

                           

You can use up to 50% of materials placed on my site but only showing the source! Any mirroring of materials is prohibited !!! All these rules are followed by the LAW !!!

 

 

 

Best Regards, Majestic and PC Helper Company�

 

All Copyrights protected. 2002-2003.