From: "Robert G Lewis"
What is causing the pages to load in IE so the script can be run?
Bob Lewis
"Rich" wrote in message news:3e2eca1f{at}w3.nls.net...
There you go with lies again. There is no script being run by WMP. All the script in these examples is in web pages that are opened in IE.
Rich
"Geo." wrote in message news:3e2e7cbc{at}w3.nls.net...
I beg to differ, since WMP is being used to execute code that the hacker wrote, by definition there is an exploit in WMP. You of course are free to call it a feature if you like.
Geo.
"Rich" wrote in message news:3e2e16e9{at}w3.nls.net...
Obviously you do not understand. There is no exploit in WMP in either case. Maybe you want to argue that the HTTP protocol is still unpatched because all exploits in all browsers involving a web site require HTTP and when HTTP is disabled none of these exploits work.
Rich
"Geo." wrote in message news:3e2df83a$1{at}w3.nls.net...
I understand what you are saying but the wimpy exploit is not patched is it?
What was patched was stage 2 of the hack (and maybe stage 3). The media player exploit that's used to kick it off is still functional even after you patch IE.
Geo.
"Rich" wrote in message news:3e2ccb3f$1{at}w3.nls.net...
I know exactly which report it was to which you referred. You included a copy earlier. Note that this one references the earlier wimpy report. The two are distinct reports. Look at the dates. They are a year apart. Also, the report to which you refer starts out with a clear statement that it is just another scenario trying to exploit problems reported earlier. While both try to implicate WMP the only connection to WMP is that it is used as one step in a complex sequence. Also true of both cases is that IE is the significant component. It's not just that IE was patched, but the root of the vulnerability is with IE which is what was changed. It's not with everything that is used in the complex scenario. If you follow that logic, all these are vulnerabilities in the HTTP protocol because the HTTP protocol is used in all of these and if you disable the HTTP protocol system wide then the vulnerabilities disappear. That is the logic you tried earlier, albeit incorrectly, with scripting. It simply does not satisfy the rules of logic.
Rich
"Geo." wrote in message news:3e2c9cbd$1{at}w3.nls.net...
Rich,
I value your knowledge about IE, but I don't see us agreeing on this. Here is a link to the original writeup
http://lists.insecure.org/lists/bugtraq/2002/Aug/0316.html
In that link just before step one he says it's a combination of several exploits the one that's used to kick it off is the wimpy exploit of media player, he even links to it in his post
http://www.malware.com/wimpy.html
so we have the exploit author, the guy who discovered wimpy and me saying it's a media player exploit and you and MS saying it's an IE exploit. What makes his hack unique is the way in which he uses wimpy to control IE components.
I think the difference in our viewpoints is because you are coming at it from the patch side and I'm coming at it from the hack side. You see it as being patched from IE, I see it as being exploited from Media player.
Geo.
"Rich" wrote in message news:3e2c354a$1{at}w3.nls.net...
Actually, it's an IE issue. There was one IE issue which these folks reported several distinct paths to the same issue as if they are different issues. In any case, if you go back and read this thread you posted a different issue. Try to read your own posts. In any event, both are IE issues.
Rich
--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)