echo: nthelp
to: Robert G Lewis
from: Rich
date: 2003-01-22 09:15:28
subject: Re: More fiction, more nonsense

   The user. The HTTP protocol. The electricity that powers the computer.
The warmth of the sun. And more. Remove any one of these from the complex
scenario and nothing happens. Like WMP, none of these are the source of the
vulnerability.

Rich

  "Robert G Lewis" wrote in message news:3e2ecc9b{at}w3.nls.net...
  What is causing the pages to load in IE so the script can be run?

  Bob Lewis

    "Rich" wrote in message news:3e2eca1f{at}w3.nls.net...
    There you go with lies again. There is no script being run by WMP.
    All the script in these examples is in web pages that are opened in IE.

    Rich

      "Geo." wrote in message news:3e2e7cbc{at}w3.nls.net...
      I beg to differ, since WMP is being used to execute code that the
      hacker wrote, by definition there is an exploit in WMP. You of course
      are free to call it a feature if you like.

      Geo.

      "Rich" wrote in message news:3e2e16e9{at}w3.nls.net...
      Obviously you do not understand. There is no exploit in WMP in either
      case. Maybe you want to argue that the HTTP protocol is still
      unpatched because all exploits in all browsers involving a web site
      require HTTP and when HTTP is disabled none of these exploits work.

      Rich

        "Geo." wrote in message news:3e2df83a$1{at}w3.nls.net...
        I understand what you are saying but the wimpy exploit is not
        patched is it? What was patched was stage 2 of the hack (and maybe
        stage 3). The media player exploit that's used to kick it off is
        still functional even after you patch IE.

        Geo.

        "Rich" wrote in message news:3e2ccb3f$1{at}w3.nls.net...
        I know exactly which report it was to which you referred. You
        included a copy earlier. Note that this one references the earlier
        wimpy report. The two are distinct reports. Look at the dates. They
        are a year apart. Also, the report to which you refer starts out
        with a clear statement that it is just another scenario trying to
        exploit problems reported earlier. While both try to implicate WMP
        the only connection to WMP is that it is used as one step in a
        complex sequence. Also true of both cases is that IE is the
        significant component. It's not just that IE was patched, but that
        the root of the vulnerability is with IE which is what was changed.
        It's not with everything that is used in the complex scenario. If
        you follow that logic, all these are vulnerabilities in the HTTP
        protocol because the HTTP protocol is used in all of these and if
        you disable the HTTP protocol system wide then the vulnerabilities
        disappear. That is the logic you tried earlier, albeit incorrectly,
        with scripting. It simply does not satisfy the rules of logic.

        Rich

          "Geo." wrote in message news:3e2c9cbd$1{at}w3.nls.net...
          Rich,

          I value your knowledge about IE, but I don't see us agreeing on
          this. Here is a link to the original writeup

          http://lists.insecure.org/lists/bugtraq/2002/Aug/0316.html

          In that link just before step one he says it's a combination of
          several exploits the one that's used to kick it off is the wimpy
          exploit of media player, he even links to it in his post
          http://www.malware.com/wimpy.html so we have the exploit author,
          the guy who discovered wimpy and me saying it's a media player
          exploit and you and MS saying it's an IE exploit. What makes his
          hack unique is the way in which he uses wimpy to control IE
          components.

          I think the difference in our viewpoints is because you are
          coming at it from the patch side and I'm coming at it from the
          hack side. You see it as being patched from IE, I see it as being
          exploited from Media player.

          Geo.

          "Rich" wrote in message news:3e2c354a$1{at}w3.nls.net...
          Actually, it's an IE issue. There was one IE issue which these
          folks reported several distinct paths to the same issue as if
          they are different issues. In any case, if you go back and read
          this thread you posted a different issue. Try to read your own
          posts. In any event, both are IE issues.

          Rich




--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
