TIP: Click on subject to list as thread!

ANSI

echo:	nthelp
to:	Rich
from:	Geo.
date:	2003-01-23 06:26:54
subject:	Re: More fiction, more nonsense
From: "Geo." the script is in the asf file, media player is associated with asf files and that's what I view as running the script. I never used the phrase "executing script" as I don't care what piece of code does the actual execution of the script (be it media player or a system script interpreter module or IE or whatever dll happens to do the actual work) because it's media player that is setting off the script. Geo. "Rich" wrote in message news:3e2f72f3{at}w3.nls.net... No. Are you going to continue lying? If you admit this now we may be able to save time. I also want to point out that while in one message you lie that you never claimed WMP is executing script, having used the word code in the immediately preceeding message, you posted this one with the lie that WMP is executing script. Rich "Geo." wrote in message news:3e2f5de3$3{at}w3.nls.net... It is part of the asf file that media player loads after finding a pointer to it in the asx file. Geo. "Rich" wrote in message news:3e2f54b9{at}w3.nls.net... More lies. This is in an HTML file that WMP never sees. It's loaded by IE in the scenario described in the original report. Why don't you even bother to read the stuff you post? Rich "Geo." wrote in message news:3e2f3b49$1{at}w3.nls.net... This section in the asf file that WMP reads: function malware(){ alert("malware");location=("file://C%3A%5CMy%20Documents%5CMy%20Music% 5CVirtual%20Albums%5Cmalware%5Cf ck.asx%20.") } Geo. "Robert G Lewis" wrote in message news:3e2ecc9b{at}w3.nls.net... What is causing the pages to load in IE so the script can be ran ? Bob Lewis "Rich" wrote in message news:3e2eca1f{at}w3.nls.net... Their you go with lies again. There is no script being run by WMP. All the script in these examples is in web pages that are opened in IE. Rich "Geo." wrote in message news:3e2e7cbc{at}w3.nls.net... I beg to differ, since WMP is being used to execute code that the hacker wrote, by definition there is an exploit in WMP. You of course are free to call it a feature if you like. Geo. "Rich" wrote in message news:3e2e16e9{at}w3.nls.net... Obviously you do not understand. There is no exploit in WMP in either case. Maybe you want to argue that the HTTP protocol is still unpatched because all exploits in all browsers involving a web site require HTTP and when HTTP is disabled none of these exploits work. Rich "Geo." wrote in message news:3e2df83a$1{at}w3.nls.net... I understand what you are saying but the wimpy exploit is not patched is it? What was patched was stage 2 of the hack (and maybe stage 3). The media player exploit that's used to kick it off is still functional even after you patch IE. Geo. "Rich" wrote in message news:3e2ccb3f$1{at}w3.nls.net... I know exactly which report it was to which you referred. You included a copy earlier. Note that this one references the earlier whimpy report. The two are distinct reports. Look at the dates. They are a year apart. Also, the report to which you refer starts out with a clear statement that it is just another scenario trying to exploit problems reported earlier. While both try to implicate WMP the only connection to WMP is that it is used as one step in a complex sequence. Also true of both cases is that IE is the significant component. It's not just that IE was patched, but the the root of the vulnerability is with IE which is what it was changed. It's not with everything that is used in the complex scenario. If you follow that logic, all these are vulnerabilities in the HTTP protocol because the HTTP protocol is used in all of these and if you disable the HTTP protocol system wide then the vulnerabilities disappear. That is the logic you tried earlier, albeit incorrectly, with scripting. It simply does not satisfy the rules of logic. Rich "Geo." wrote in message news:3e2c9cbd$1{at}w3.nls.net... Rich, I value your knowledge about IE, but I don't see us agreeing on this. Here is a link to the original writeup http://lists.insecure.org/lists/bugtraq/2002/Aug/0316.html In that link just before step one he says it's a combination of several exploits the one that's used to kick it off is the wimpy exploit of media player, he even links to it in his post http://www.malware.com/wimpy.html so we have the exploit author, the guy who discovered wimpy and me saying it's a media player exploit and you and MS saying it's an IE exploit. What makes his hack unique is the way in which he uses wimpy to control IE components. I think the difference in our viewpoints is because you are coming at it from the patch side and I'm coming at it from the hack side. You see it as being patched from IE, I see it as being exploited from Media player. Geo. "Rich" wrote in message news:3e2c354a$1{at}w3.nls.net... Actually, it's an IE issue. There was one IE issue which these folks reported several distinct paths to the same issue as if they are different issues. In any case, if you go back and read this thread you posted a different issue. Try to read your own posts. In any event, both are IE issues. Rich --- BBBS/NT v4.01 Flag-4 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45) SEEN-BY: 633/267 270 @PATH: 379/1 633/267
SOURCE: echomail via fidonet.ozzmosis.com

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.