From: "Randy H"
This is a multi-part message in MIME format.
------=_NextPart_000_0045_01C2BF32.9F24E320
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0046_01C2BF32.9F24E320"
------=_NextPart_001_0046_01C2BF32.9F24E320
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Sorry, but I don't agree. And we'll just have to leave it at that. =20
"Rich" wrote in message news:3e2a050e{at}w3.nls.net...
Because the thread started with new features =3D=3D new =
vulnerabilities and branched from a thread discussing a less feature = rich
player like WMP 6.x. Media playback is constant across the board = and
would not support a claim of new vulnerabilities being due to new = WMP9
features.
Rich
"Randy H" wrote in message =
news:3e29f939{at}w3.nls.net...
Why the exclusion of new features related to media playback?=20
"Rich" wrote in message news:3e29aacb{at}w3.nls.net...
Yep along with whether they are due to new features, specificly =
those not related to media playback.
Rich
"Randy H" wrote in message =
news:3e29747e{at}w3.nls.net...
We'll just have to wait and see what vulnerabilities do surface =
with WMP9. =20
"Rich" wrote in message news:3e279d79{at}w3.nls.net...
If you were to look at these you would find that the more =
recent more feature rich players have fewer issues than older players =
pretty much refuting the insinuation that more features =3D=3D more =
vulnerabilities. WMP 8.0 for Windows XP has two or if you stretch three =
issues. Of those two, one was common to all players and one was an old =
feature retained for compatility and the vulnerability was not with WMP =
but an issue of WMP exposing something that could be used against =
something else.
I suspect if you look at other media players you would =
likely find the same. Not that Real Player has had a great track record =
lately but I suspect newer versions are better than old ones.
Rich
"Randy H" wrote
in message =
news:3e2768da{at}w3.nls.net...
Some of these look old, but I'm not at all surpised.=20
"Geo." wrote in message =
news:3e2762a0{at}w3.nls.net...
"Randy H" wrote
in message =
news:3e2756fa{at}w3.nls.net...
> What I'd like to know is how many new vulnerability =
vectors these
> new features have added.
2002-10-18: Windows Media Player For Solaris Default =
World Writeable Permissions Vulnerability=20
2002-08-22: Microsoft Windows Media Player =
File Attachment Script Execution Vulnerability=20
2002-07-30: Microsoft Windows Media Player =
Filename Buffer Overflow Vulnerability=20
2002-07-25: Windows Media Player IE Cache =
Path Disclosure Vulnerability=20
2002-06-27: Windows Media Player Playlist =
HTML Script Execution Vulnerability=20
2002-06-27: Windows Media Player WMDM =
Privilege Escalation Vulnerability=20
2001-11-20: Windows Media Player Internet =
Shortcut Execution Vulnerability=20
2001-11-20: Microsoft Windows Media Player =
.NSC File Buffer Overflow Vulnerability=20
2001-11-20: Microsoft Windows Media Player =
.ASF Marker Buffer Overflow Vulnerability=20
2001-08-13: Windows Media Player .ASX =
'Version' Buffer Overflow Vulnerability=20
2001-05-26: Microsoft Windows Media Player =
.ASX Buffer Overflow Vulnerability=20
2001-05-02: Windows Media Player .ASX Buffer =
Overflow Vulnerability=20
2001-02-14: Microsoft Windows Media Player =
.WMZ Arbitrary Java Applet Vulnerability=20
2001-01-01: Microsoft Windows Media Player =
Javascript URL Vulnerability=20
2000-11-22: Microsoft Windows Media Player =
.WMS Arbitrary Script Vulnerability=20
2000-09-26: Microsoft Windows Media Player 7 =
Embedded OCX Control Vulnerability=20
=20
=20
------=_NextPart_001_0046_01C2BF32.9F24E320
Content-Type: text/html;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Sorry, but I don't agree. And we'll just have to =
leave it at=20
that.
"Rich" <{at}> wrote in message news:3e2a050e{at}w3.nls.net...
Because
the thread =
started with new=20
features =3D=3D new vulnerabilities and branched from a thread =
discussing a less=20
feature rich player like WMP 6.x. Media playback is constant =
across the=20
board and would not support a claim of new vulnerabilities being due =
to new=20
WMP9 features.
Rich
"Randy H" <randy_holcomb{at}attglobal.netmailto:randy_holcomb{at}attglobal.net">randy_holcomb{at}attglobal.net
A>>=20
wrote in message news:3e29f939{at}w3.nls.net...
Why the exclusion of new features related to =
media=20
playback?
"Rich" <{at}> wrote in message news:3e29aacb{at}w3.nls.net...
Yep
along with =
whether they are=20
due to new features, specificly those not related to media=20
playback.
Rich
"Randy H" <randy_holcomb{at}attglobal.netmailto:randy_holcomb{at}attglobal.net">randy_holcomb{at}attglobal.net
A>>=20
wrote in message news:3e29747e{at}w3.nls.net...
We'll just have to wait and see what=20
vulnerabilities do surface with WMP9.
"Rich" <{at}> wrote in message news:3e279d79{at}w3.nls.net...
If you were to =
look at these=20
you would find that the more recent more feature rich players =
have=20
fewer issues than older players pretty much refuting the =
insinuation=20
that more features =3D=3D more vulnerabilities. WMP 8.0 =
for Windows=20
XP has two or if you stretch three issues. Of those two, =
one was=20
common to all players and one was an old feature retained for=20
compatility and the vulnerability was not with WMP but an =
issue of WMP=20
exposing something that could be used against something=20
else.
I suspect if you =
look at=20
other media players you would likely find the same. Not =
that=20
Real Player has had a great track record lately but I suspect =
newer=20
versions are better than old ones.
Rich
"Randy H" <randy_holcomb{at}attglobal.netmailto:randy_holcomb{at}attglobal.net">randy_holcomb{at}attglobal.net
A>>=20
wrote in message news:3e2768da{at}w3.nls.net...
Some of these look old, but I'm not at =
all=20
surpised.
"Geo." <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net>
=
wrote in=20
message news:3e2762a0{at}w3.nls.net...
"Randy H"
<mailto:randy_holcomb{at}attglobal.net">
size=3D2>randy_holcomb{at}attglobal.net>=20
wrote in message news:3e2756fa{at}w3.nls.net...
> What I'd like to
know is how many =
new=20
vulnerability vectors these> new features have=20
added.
=20
![3D""=20](3D"<A)
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-10-18:
Windows=20">http://online.securityfocus.com/bid/6003">Windows=20
Media Player For Solaris Default World =
Writeable=20
Permissions Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-08-22:
Microsoft=20">http://online.securityfocus.com/bid/5543">Microsoft=20
Windows Media Player File Attachment Script =
Execution=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-07-30:
Microsoft=20">http://online.securityfocus.com/bid/5357">Microsoft=20
Windows Media Player Filename Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-07-25:
Windows=20">http://online.securityfocus.com/bid/5107">Windows=20
Media Player IE Cache Path Disclosure=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-06-27:
Windows=20">http://online.securityfocus.com/bid/5110">Windows=20
Media Player Playlist HTML Script Execution=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-06-27:
Windows=20">http://online.securityfocus.com/bid/5109">Windows=20
Media Player WMDM Privilege Escalation=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-11-20:
Windows=20">http://online.securityfocus.com/bid/2765">Windows=20
Media Player Internet Shortcut Execution=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-11-20:
Microsoft=20">http://online.securityfocus.com/bid/3105">Microsoft=20
Windows Media Player .NSC File Buffer Overflow =
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-11-20:
Microsoft=20">http://online.securityfocus.com/bid/3156">Microsoft=20
Windows Media Player .ASF Marker Buffer =
Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-08-13:
Windows=20">http://online.securityfocus.com/bid/2686">Windows=20
Media Player .ASX 'Version' Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-05-26:
Microsoft=20">http://online.securityfocus.com/bid/1980">Microsoft=20
Windows Media Player .ASX Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-05-02:
Windows=20">http://online.securityfocus.com/bid/2677">Windows=20
Media Player .ASX Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-02-14:
Microsoft=20">http://online.securityfocus.com/bid/2203">Microsoft=20
Windows Media Player .WMZ Arbitrary Java =
Applet=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-01-01:
Microsoft=20">http://online.securityfocus.com/bid/2167">Microsoft=20
Windows Media Player Javascript URL=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2000-11-22:
Microsoft=20">http://online.securityfocus.com/bid/1976">Microsoft=20
Windows Media Player .WMS Arbitrary Script=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2000-09-26:
Microsoft=20">http://online.securityfocus.com/bid/1714">Microsoft=20
Windows Media Player 7 Embedded OCX Control=20
=
Vulnerability
------=_NextPart_001_0046_01C2BF32.9F24E320--
------=_NextPart_000_0045_01C2BF32.9F24E320
Content-Type: image/gif;
name="bllt_rd_1.gif"
Content-Transfer-Encoding: base64
Content-Location: http://online.securityfocus.com/sfonline/images/build/bllt_rd
_1.gif
R0lGODlhBQAKAIAAAMDAwJYAGCH5BAEAAAAALAAAAAAFAAoAQAILhG8RyKC+2nlPqgIAOw==
------=_NextPart_000_0045_01C2BF32.9F24E320--
--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267
SOURCE: echomail via fidonet.ozzmosis.com
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.