From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_00CB_01C2C30F.4E1E0070
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   Again you switched to a separate issue.  This is not the one you =
posted earlier which we have been discussing for a long time.  You are =
looking like a fool still.  You can't even keep track of your posts = which
should come as no surprise since you have repeatedly demostrated = that you
don't read them.

   This too demonstrates no vulnerability in WMP.  The issue is either =
with IE or the data binding component.  I'd have to look closer to see =
which.  The mention of the WMD being automatically opened sounds like = the
IE issue addressed by MS01-020.

Rich

  "Geo."  wrote in message =
news:3e30945c$1{at}w3.nls.net...
  "Robert G Lewis"  wrote in message
  news:3e30131a$1{at}w3.nls.net...

  > So a file being read by WMP will start IE and then execute
  something.That's
  > what I thought was going on.

  Here's the actual description:
  ------------------
  The Windows Media Package file (malware.wmd) is automatically opened =
from
  web or news or mail, it automatically creates the malware folder in =
the
  so-called 'Virtual Music" directory. It automatically extracts the
  malware.asx meta file, which is valid but includes our Active X =
component as
  above, and it extracts our malware.asf file which includes our URL =
flip.
  The URL flip is called once the malware.asf starts playing, it creates =
an
  "about" window from within the malware folder, the
"about" window =
includes
  our databinding control which points to the malware.asx which is =
rendered as
  *.html because the datafld header *IS* the *.asx meta tag !

  And that all in turn executes! our file on the target computer.
  -------------------

  Geo.


------=_NextPart_000_00CB_01C2C30F.4E1E0070
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   Again you
switched to a =
separate=20
issue.  This is not the one you posted earlier which we have
been=20 discussing for a long time.  You are looking like a fool =
still.  You=20
can't even keep track of your posts which should come as no surprise = since you=20
have repeatedly demostrated that you don't read them.
 
   This too
demonstrates no =
vulnerability=20
in WMP.  The issue is either with IE or the data binding =
component. =20
I'd have to look closer to see which.  The mention of the WMD being =

automatically opened sounds like the IE issue addressed by=20
MS01-020.
 
Rich
 

  "Geo." <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net>
wrote=20
  in message news:3e30945c$1{at}w3.nls.net..."Robert=20
  G Lewis" <r.g.lewis{at}verizon.net>">mailto:r.g.lewis{at}verizon.net">r.g.lewis{at}verizon.net>
=
wrote in=20
  messagenews:3e30131a$1{at}w3.nls.net...=
>=20
  So a file being read by WMP will start IE and then=20
  executesomething.That's> what I thought was going =
on.Here's=20
  the actual description:------------------The Windows Media =
Package=20
  file (malware.wmd) is automatically opened fromweb or news or =
mail, it=20
  automatically creates the malware folder in theso-called 'Virtual =
Music"=20
  directory. It automatically extracts themalware.asx meta file, =
which is=20
  valid but includes our Active X component asabove, and it extracts =
our=20
  malware.asf file which includes our URL flip.The URL flip is =
called once=20
  the malware.asf starts playing, it creates an"about"
window from =
within=20
  the malware folder, the "about" window includesour
databinding =
control=20
  which points to the malware.asx which is rendered as*.html because =
the=20
  datafld header *IS* the *.asx meta tag !And that all in turn =
executes!=20
  our file on the target=20
computer.-------------------Geo.<=
/HTML>

------=_NextPart_000_00CB_01C2C30F.4E1E0070--

--- BBBS/NT v4.01 Flag-4