From: "Geo." 

did I say script in my post?

Geo.

"Rich"  wrote in message news:3e2eca1f{at}w3.nls.net...
   Their you go with lies again.  There is no script being run by WMP.  All
the script in these examples is in web pages that are opened in IE.

Rich

  "Geo."  wrote in message
news:3e2e7cbc{at}w3.nls.net...
  I beg to differ, since WMP is being used to execute code that the hacker
  wrote, by definition there is an exploit in WMP. You of course are free to
  call it a feature if you like.

  Geo.

  "Rich"  wrote in message news:3e2e16e9{at}w3.nls.net...
     Obviously you do not understand.  There is no exploit in WMP in either
  case.  Maybe you want to argue that the HTTP protocol is still unpatched
  because all exploits in all browsers involving a web site require HTTP and
  when HTTP is disabled none of these exploits work.

  Rich

    "Geo."  wrote in message
news:3e2df83a$1{at}w3.nls.net...
    I understand what you are saying but the wimpy exploit is not patched is
  it?
    What was patched was stage 2 of the hack (and maybe stage 3). The media
    player exploit that's used to kick it off is still functional even after
  you
    patch IE.

    Geo.

    "Rich"  wrote in message news:3e2ccb3f$1{at}w3.nls.net...
       I know exactly which report it was to which you referred.  You
included
  a
    copy earlier.  Note that this one references the earlier whimpy report.
  The
    two are distinct reports.  Look at the dates.  They are a year apart.
  Also,
    the report to which you refer starts out with a clear statement that it
is
    just another scenario trying to exploit problems reported earlier.
While
    both try to implicate WMP the only connection to WMP is that it is used
as
    one step in a complex sequence.  Also true of both cases is that IE is
the
    significant component.  It's not just that IE was patched, but the the
  root
    of the vulnerability is with IE which is what it was changed.  It's not
  with
    everything that is used in the complex scenario.  If you follow that
  logic,
    all these are vulnerabilities in the HTTP protocol because the HTTP
  protocol
    is used in all of these and if you disable the HTTP protocol system wide
    then the vulnerabilities disappear.  That is the logic you tried
earlier,
    albeit incorrectly, with scripting.  It simply does not satisfy the
rules
  of
    logic.

    Rich

      "Geo."  wrote in message
news:3e2c9cbd$1{at}w3.nls.net...
      Rich,

      I value your knowledge about IE, but I don't see us agreeing on this.
  Here
      is a link to the original writeup

      http://lists.insecure.org/lists/bugtraq/2002/Aug/0316.html

      In that link just before step one he says it's a combination of
several
      exploits the one that's used to kick it off is the wimpy exploit of
  media
      player, he even links to it in his post
  http://www.malware.com/wimpy.html
    so
      we have the exploit author, the guy who discovered wimpy and me saying
    it's
      a media player exploit and you and MS saying it's an IE exploit. What
    makes
      his hack unique is the way in which he uses wimpy to control IE
    components.

      I think the difference in our viewpoints is because you are coming at
it
      from the patch side and I'm coming at it from the hack side. You see
it
  as
      being patched from IE, I see it as being exploited from Media player.

      Geo.

      "Rich"  wrote in message news:3e2c354a$1{at}w3.nls.net...
         Actually, it's an IE issue.  There was one IE issue which these
folks
      reported several distinct paths to the same issue as if they are
  different
      issues.  In any case, if you go back and read this thread you posted a
      different issue.  Try to read your own posts.  In any event, both are
IE
      issues.

      Rich

--- BBBS/NT v4.01 Flag-4