echo: nthelp
to: Robert G Lewis
from: Geo.
date: 2003-01-22 19:52:54
subject: Re: More fiction, more nonsense

From: "Geo." 

This section in the asf file that WMP reads:


 
function malware(){
  alert("malware");
  location=("file://C%3A%5CMy%20Documents%5CMy%20Music%5CVirtual%20Albums%5Cmalware%5Cf ck.asx%20.")
}
  


Geo.

"Robert G Lewis"  wrote in message
news:3e2ecc9b{at}w3.nls.net...
What is causing the pages to load in IE so the script can be run?

Bob Lewis

  "Rich"  wrote in message news:3e2eca1f{at}w3.nls.net...
     There you go with lies again.  There is no script being run by WMP.
     All the script in these examples is in web pages that are opened in IE.

  Rich

    "Geo."  wrote in message
news:3e2e7cbc{at}w3.nls.net...
    I beg to differ, since WMP is being used to execute code that the hacker
    wrote, by definition there is an exploit in WMP. You of course are free to
    call it a feature if you like.

    Geo.

    "Rich"  wrote in message news:3e2e16e9{at}w3.nls.net...
       Obviously you do not understand.  There is no exploit in WMP in either
    case.  Maybe you want to argue that the HTTP protocol is still unpatched
    because all exploits in all browsers involving a web site require HTTP and
    when HTTP is disabled none of these exploits work.

    Rich

      "Geo."  wrote in message
news:3e2df83a$1{at}w3.nls.net...
      I understand what you are saying but the wimpy exploit is not patched is
      it?
      What was patched was stage 2 of the hack (and maybe stage 3). The media
      player exploit that's used to kick it off is still functional even after
      you patch IE.

      Geo.

      "Rich"  wrote in message news:3e2ccb3f$1{at}w3.nls.net...
         I know exactly which report it was to which you referred.  You included
      a copy earlier.  Note that this one references the earlier wimpy report.
      The two are distinct reports.  Look at the dates.  They are a year apart.
      Also, the report to which you refer starts out with a clear statement that
      it is just another scenario trying to exploit problems reported earlier.
      While both try to implicate WMP the only connection to WMP is that it is
      used as one step in a complex sequence.  Also true of both cases is that
      IE is the significant component.  It's not just that IE was patched, but
      the root of the vulnerability is with IE which is what it was changed.
      It's not with everything that is used in the complex scenario.  If you
      follow that logic, all these are vulnerabilities in the HTTP protocol
      because the HTTP protocol is used in all of these and if you disable the
      HTTP protocol system wide then the vulnerabilities disappear.  That is the
      logic you tried earlier, albeit incorrectly, with scripting.  It simply
      does not satisfy the rules of logic.

      Rich

        "Geo."  wrote in message
news:3e2c9cbd$1{at}w3.nls.net...
        Rich,

        I value your knowledge about IE, but I don't see us agreeing on this.
        Here is a link to the original writeup

        http://lists.insecure.org/lists/bugtraq/2002/Aug/0316.html

        In that link just before step one he says it's a combination of several
        exploits the one that's used to kick it off is the wimpy exploit of
        media player, he even links to it in his post
        http://www.malware.com/wimpy.html so we have the exploit author, the guy
        who discovered wimpy and me saying it's a media player exploit and you
        and MS saying it's an IE exploit. What makes his hack unique is the way
        in which he uses wimpy to control IE components.

        I think the difference in our viewpoints is because you are coming at it
        from the patch side and I'm coming at it from the hack side. You see it
        as being patched from IE, I see it as being exploited from Media player.

        Geo.

        "Rich"  wrote in message news:3e2c354a$1{at}w3.nls.net...
           Actually, it's an IE issue.  There was one IE issue which these folks
        reported several distinct paths to the same issue as if they are
        different issues.  In any case, if you go back and read this thread you
        posted a different issue.  Try to read your own posts.  In any event,
        both are IE issues.

        Rich

--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
