echo: nthelp
to: Geo.
from: Rich
date: 2003-01-24 22:31:42
subject: Re: More fiction, more nonsense

   I'm not missing something.  Opening a web page or frame is not a
security vulnerability.  Opening pages that are intended to be disallowed
is.  WMP isn't opening a disallowed page here.  IE is.

Rich


  "Geo."  wrote in message news:3e321eed{at}w3.nls.net...
  "Rich"  wrote in message news:3e3219d5$1{at}w3.nls.net...
  >>   Assuming we are back to the original report you mentioned and we had
  been discussing, the problem is that IE allowed a remote site to navigate to
  the local file and a distinct IE problem with MIME content types.  That's
  it.  This report is just one complex scenario that exploited the IE issues
  and it is just those and not the whole scenario that is the problem.<<

  But there is a point here you seem to be missing. Many exploits for IE are
  not considered true exploits or not critical exploits because they require
  the hacker somehow lure the IE user to the hacker's hostile web page in order
  to hack the IE user.

  If IE were more under the control of the user, if it required a user
  specifically make the decision to start up IE and go off to a URL instead of
  all these automatic ways of having other apps launch IE on a mission, IE
  would be a LOT less of a risk.

  I will accept that media player is not the gun, but it is most certainly
  aiming the gun and it is also the trigger and it's being pulled by a stealth
  feature in a media player file that is under the control of someone other
  than the user. No?

  Geo.


--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
