Productivity and business

Stikkit, the smarter yellow sticky

From the Web 2.0 Conference:

Stikkit is like an online pad of yellow sticky notes. These notes, though, do more than the pieces paper you scrawl notes on and then lose. Stikkit tries to interpret what you mean when you write stuff like, "Call Mary at 4pm tomorrow," and then organize your notes for you. In that particular example, it will file the note as an appointment.

Stikkit has a grammar for doing other smart things, and it does take a few minute for a user to learn it. For example, to-do items are created when you … Read more

TimeBridge fixes group scheduling

From the Web 2.0 Conference:

Most of us waste a lot of time trying to find times for meetings. Inside a company, Microsoft Outlook users (on Exchange servers) can see the times their coworkers are free and busy. It's a good start, but when we want to schedule a meeting with multiple people or meet with people outside our company, everything can quickly fall apart. TimeBridge is trying to solve this problem, with a system that handles the negotiation of finding meeting times.

Like the ultrasimple Doodle, TimeBridge lets you set up multiple options for a meeting, and … Read more

Unspecified vulnerability in Microsoft PowerPoint 2000

There is an unspecified vulnerability within Microsoft Office PowerPoint 2000. To become infected, however, a user must open a specially crafted PowerPoint file (PPT). To guard against infection, open suspect files in the free Microsoft PowerPoint Viewer 2003 instead. Malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F take advantage of this PowerPoint flaw.

Additional resources:

Vendor Patch Information: MS06-058 US-CERT Vulnerability Note: VU#231204 FrSIRT: 3794

Unspecified Code Execution Vulnerability in Word 2000

There's an unspecified new vulnerability affecting Word 2000 documents running on Windows 2000 systems. Although it's been exploited in the wild, security vendors are downplaying the threat as it is hard to execute on a victim's machine. Nonetheless, Microsoft has issued a Security Advisory for the vulnerablity which allows remote user-assisted attackers to execute arbitrary code on a compromised machine. Various security have identified the Trojans used in such attacks with names including Trojan.Mdropper.Q, Mofei, and Femo.

Additional Resources:

Microsoft info: Security Advisory NIST.gov: CVE-2006-4534 FrSIRT: ADV-2006-3448 News.com: Word flaw hit with zero-day attack … Read more

Internet Explorer DirectX Image Transform Object Denial of Service Vulnerability

This vulnerability creates a denial of service (crash) within Microsoft Internet Explorer 6 after a victim has been tricked into visiting a malicious Web page. Using the DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property, an error is generated.

Additional Resources:

French Security Incident Response Team: ADV-2006-2832 BrowserFun: #17 National Institute of Standards and Technology: CVE-2006-3657

PowerPoint Memory Corruption Vulnerability

Malicious attackers may use specially created PowerPoint files to crash a victim's computer. There are actually three separate vulnerabilities that occur when the application uses data taken directly from a PowerPoint presentation file as a pointer when saving or closing a malformed presentation. A malicious attacker can exploit this to corrupt memory and manipulate the program flow, and could allow a remote attacker access to a compromised system.

Additional Resources:

French Security Incident Response Team: ADV-2006-2815 National Institute of Standards and Technology: CVE-2006-3660 National Institute of Standards and Technology: CVE-2006-3656 National Institute of Standards and Technology: CVE-2006-3655 Secunia advisory #: … Read more