TIP: Click on subject to list as thread!

ANSI

echo:	nthelp
to:	Randy H
from:	Rich
date:	2003-01-16 22:14:38
subject:	Re: WMP 9 New features...New vulnerabilities?
From: "Rich" This is a multi-part message in MIME format. ------=_NextPart_000_017D_01C2BDAC.A96D4390 Content-Type: multipart/alternative; boundary="----=_NextPart_001_017E_01C2BDAC.A96D4390" ------=_NextPart_001_017E_01C2BDAC.A96D4390 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable If you were to look at these you would find that the more recent more = feature rich players have fewer issues than older players pretty much = refuting the insinuation that more features =3D=3D more vulnerabilities. = WMP 8.0 for Windows XP has two or if you stretch three issues. Of = those two, one was common to all players and one was an old feature = retained for compatility and the vulnerability was not with WMP but an = issue of WMP exposing something that could be used against something = else. I suspect if you look at other media players you would likely find = the same. Not that Real Player has had a great track record lately but = I suspect newer versions are better than old ones. Rich "Randy H" wrote in message = news:3e2768da{at}w3.nls.net... Some of these look old, but I'm not at all surpised.=20 "Geo." wrote in message = news:3e2762a0{at}w3.nls.net... "Randy H" wrote in message = news:3e2756fa{at}w3.nls.net... > What I'd like to know is how many new vulnerability vectors these > new features have added. 2002-10-18: Windows Media Player For Solaris Default World = Writeable Permissions Vulnerability=20 2002-08-22: Microsoft Windows Media Player File = Attachment Script Execution Vulnerability=20 2002-07-30: Microsoft Windows Media Player Filename = Buffer Overflow Vulnerability=20 2002-07-25: Windows Media Player IE Cache Path = Disclosure Vulnerability=20 2002-06-27: Windows Media Player Playlist HTML Script = Execution Vulnerability=20 2002-06-27: Windows Media Player WMDM Privilege = Escalation Vulnerability=20 2001-11-20: Windows Media Player Internet Shortcut = Execution Vulnerability=20 2001-11-20: Microsoft Windows Media Player .NSC File = Buffer Overflow Vulnerability=20 2001-11-20: Microsoft Windows Media Player .ASF Marker = Buffer Overflow Vulnerability=20 2001-08-13: Windows Media Player .ASX 'Version' Buffer = Overflow Vulnerability=20 2001-05-26: Microsoft Windows Media Player .ASX Buffer = Overflow Vulnerability=20 2001-05-02: Windows Media Player .ASX Buffer Overflow = Vulnerability=20 2001-02-14: Microsoft Windows Media Player .WMZ = Arbitrary Java Applet Vulnerability=20 2001-01-01: Microsoft Windows Media Player Javascript = URL Vulnerability=20 2000-11-22: Microsoft Windows Media Player .WMS = Arbitrary Script Vulnerability=20 2000-09-26: Microsoft Windows Media Player 7 Embedded = OCX Control Vulnerability=20 =20 =20 ------=_NextPart_001_017E_01C2BDAC.A96D4390 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable If you were to look at = these you would=20 find that the more recent more feature rich players have fewer issues = than older=20 players pretty much refuting the insinuation that more features =3D=3D = more=20 vulnerabilities. WMP 8.0 for Windows XP has two or if you stretch = three=20 issues. Of those two, one was common to all players and one was an = old=20 feature retained for compatility and the vulnerability was not with WMP = but an=20 issue of WMP exposing something that could be used against something=20 else. I suspect if you look at = other media=20 players you would likely find the same. Not that Real Player has = had a=20 great track record lately but I suspect newer versions are better than = old=20 ones. Rich "Randy H" <randy_holcomb{at}attglobal.netmailto:randy_holcomb{at}attglobal.net">randy_holcomb{at}attglobal.net A>>=20 wrote in message news:3e2768da{at}w3.nls.net... Some of these look old, but I'm not at all = surpised.=20 "Geo." <georger{at}nls.net>=20">mailto:georger{at}nls.net">georger{at}nls.net>=20 wrote in message news:3e2762a0{at}w3.nls.net... "Randy H" <mailto:randy_holcomb{at}attglobal.net"> size=3D2>randy_holcomb{at}attglobal.net> = wrote in=20 message news:3e2756fa{at}w3.nls.net... > What I'd like to know is how many new = vulnerability=20 vectors these> new features have added. =20 http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>		2002-10-18: Windows">http://online.securityfocus.com/bid/6003">Windows Media=20 Player For Solaris Default World Writeable Permissions=20 Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2002-08-22: Microsoft=20">http://online.securityfocus.com/bid/5543">Microsoft=20 Windows Media Player File Attachment Script Execution=20 Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2002-07-30: Microsoft=20">http://online.securityfocus.com/bid/5357">Microsoft=20 Windows Media Player Filename Buffer Overflow=20 Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2002-07-25: Windows">http://online.securityfocus.com/bid/5107">Windows Media=20 Player IE Cache Path Disclosure = Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2002-06-27: Windows">http://online.securityfocus.com/bid/5110">Windows Media=20 Player Playlist HTML Script Execution = Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2002-06-27: Windows">http://online.securityfocus.com/bid/5109">Windows Media=20 Player WMDM Privilege Escalation = Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2001-11-20: Windows">http://online.securityfocus.com/bid/2765">Windows Media=20 Player Internet Shortcut Execution = Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2001-11-20: Microsoft=20">http://online.securityfocus.com/bid/3105">Microsoft=20 Windows Media Player .NSC File Buffer Overflow=20 Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2001-11-20: Microsoft=20">http://online.securityfocus.com/bid/3156">Microsoft=20 Windows Media Player .ASF Marker Buffer Overflow=20 Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2001-08-13: Windows">http://online.securityfocus.com/bid/2686">Windows Media=20 Player .ASX 'Version' Buffer Overflow = Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2001-05-26: Microsoft=20">http://online.securityfocus.com/bid/1980">Microsoft=20 Windows Media Player .ASX Buffer Overflow=20 Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2001-05-02: Windows">http://online.securityfocus.com/bid/2677">Windows Media=20 Player .ASX Buffer Overflow Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2001-02-14: Microsoft=20">http://online.securityfocus.com/bid/2203">Microsoft=20 Windows Media Player .WMZ Arbitrary Java Applet=20 Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2001-01-01: Microsoft=20">http://online.securityfocus.com/bid/2167">Microsoft=20 Windows Media Player Javascript URL = Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2000-11-22: Microsoft=20">http://online.securityfocus.com/bid/1976">Microsoft=20 Windows Media Player .WMS Arbitrary Script=20 Vulnerability http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi= f"=20 border=3D0>	2000-09-26: Microsoft=20">http://online.securityfocus.com/bid/1714">Microsoft=20 Windows Media Player 7 Embedded OCX Control=20 = Vulnerability <= /HTML> ------=_NextPart_001_017E_01C2BDAC.A96D4390-- ------=_NextPart_000_017D_01C2BDAC.A96D4390 Content-Type: image/gif; name="bllt_rd_1.gif" Content-Transfer-Encoding: base64 Content-Location: http://online.securityfocus.com/sfonline/images/build/bllt_rd _1.gif R0lGODlhBQAKAIAAAMDAwJYAGCH5BAEAAAAALAAAAAAFAAoAQAILhG8RyKC+2nlPqgIAOw== ------=_NextPart_000_017D_01C2BDAC.A96D4390-- --- BBBS/NT v4.01 Flag-4 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45) SEEN-BY: 633/267 270 @PATH: 379/1 633/267
SOURCE: echomail via fidonet.ozzmosis.com

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.