From: "Geo." 

I beg to differ, since WMP is being used to execute code that the hacker
wrote, by definition there is an exploit in WMP. You of course are free to
call it a feature if you like.

Geo.

"Rich"  wrote in message news:3e2e16e9{at}w3.nls.net...
   Obviously you do not understand.  There is no exploit in WMP in either
case.  Maybe you want to argue that the HTTP protocol is still unpatched
because all exploits in all browsers involving a web site require HTTP and
when HTTP is disabled none of these exploits work.

Rich

  "Geo."  wrote in message
news:3e2df83a$1{at}w3.nls.net...
  I understand what you are saying but the wimpy exploit is not patched is
it?
  What was patched was stage 2 of the hack (and maybe stage 3). The media
  player exploit that's used to kick it off is still functional even after
you
  patch IE.

  Geo.

  "Rich"  wrote in message news:3e2ccb3f$1{at}w3.nls.net...
     I know exactly which report it was to which you referred.  You included
a
  copy earlier.  Note that this one references the earlier whimpy report.
The
  two are distinct reports.  Look at the dates.  They are a year apart.
Also,
  the report to which you refer starts out with a clear statement that it is
  just another scenario trying to exploit problems reported earlier.  While
  both try to implicate WMP the only connection to WMP is that it is used as
  one step in a complex sequence.  Also true of both cases is that IE is the
  significant component.  It's not just that IE was patched, but the the
root
  of the vulnerability is with IE which is what it was changed.  It's not
with
  everything that is used in the complex scenario.  If you follow that
logic,
  all these are vulnerabilities in the HTTP protocol because the HTTP
protocol
  is used in all of these and if you disable the HTTP protocol system wide
  then the vulnerabilities disappear.  That is the logic you tried earlier,
  albeit incorrectly, with scripting.  It simply does not satisfy the rules
of
  logic.

  Rich

    "Geo."  wrote in message
news:3e2c9cbd$1{at}w3.nls.net...
    Rich,

    I value your knowledge about IE, but I don't see us agreeing on this.
Here
    is a link to the original writeup

    http://lists.insecure.org/lists/bugtraq/2002/Aug/0316.html

    In that link just before step one he says it's a combination of several
    exploits the one that's used to kick it off is the wimpy exploit of
media
    player, he even links to it in his post
http://www.malware.com/wimpy.html
  so
    we have the exploit author, the guy who discovered wimpy and me saying
  it's
    a media player exploit and you and MS saying it's an IE exploit. What
  makes
    his hack unique is the way in which he uses wimpy to control IE
  components.

    I think the difference in our viewpoints is because you are coming at it
    from the patch side and I'm coming at it from the hack side. You see it
as
    being patched from IE, I see it as being exploited from Media player.

    Geo.

    "Rich"  wrote in message news:3e2c354a$1{at}w3.nls.net...
       Actually, it's an IE issue.  There was one IE issue which these folks
    reported several distinct paths to the same issue as if they are
different
    issues.  In any case, if you go back and read this thread you posted a
    different issue.  Try to read your own posts.  In any event, both are IE
    issues.

    Rich

--- BBBS/NT v4.01 Flag-4