From: "Geo." 

I understand what you are saying but the wimpy exploit is not patched is
it? What was patched was stage 2 of the hack (and maybe stage 3). The media
player exploit that's used to kick it off is still functional even after
you patch IE.

Geo.

"Rich"  wrote in message news:3e2ccb3f$1{at}w3.nls.net...
   I know exactly which report it was to which you referred.  You included a
copy earlier.  Note that this one references the earlier whimpy report. 
The two are distinct reports.  Look at the dates.  They are a year apart. 
Also, the report to which you refer starts out with a clear statement that
it is just another scenario trying to exploit problems reported earlier. 
While both try to implicate WMP the only connection to WMP is that it is
used as one step in a complex sequence.  Also true of both cases is that IE
is the significant component.  It's not just that IE was patched, but the
the root of the vulnerability is with IE which is what it was changed. 
It's not with everything that is used in the complex scenario.  If you
follow that logic, all these are vulnerabilities in the HTTP protocol
because the HTTP protocol is used in all of these and if you disable the
HTTP protocol system wide then the vulnerabilities disappear.  That is the
logic you tried earlier, albeit incorrectly, with scripting.  It simply
does not satisfy the rules of logic.

Rich

  "Geo."  wrote in message
news:3e2c9cbd$1{at}w3.nls.net...
  Rich,

  I value your knowledge about IE, but I don't see us agreeing on this. Here
  is a link to the original writeup

  http://lists.insecure.org/lists/bugtraq/2002/Aug/0316.html

  In that link just before step one he says it's a combination of several
  exploits the one that's used to kick it off is the wimpy exploit of media
  player, he even links to it in his post http://www.malware.com/wimpy.html
so
  we have the exploit author, the guy who discovered wimpy and me saying
it's
  a media player exploit and you and MS saying it's an IE exploit. What
makes
  his hack unique is the way in which he uses wimpy to control IE
components.

  I think the difference in our viewpoints is because you are coming at it
  from the patch side and I'm coming at it from the hack side. You see it as
  being patched from IE, I see it as being exploited from Media player.

  Geo.

  "Rich"  wrote in message news:3e2c354a$1{at}w3.nls.net...
     Actually, it's an IE issue.  There was one IE issue which these folks
  reported several distinct paths to the same issue as if they are different
  issues.  In any case, if you go back and read this thread you posted a
  different issue.  Try to read your own posts.  In any event, both are IE
  issues.

  Rich

--- BBBS/NT v4.01 Flag-4