From: "Rich"
This is a multi-part message in MIME format.
------=_NextPart_000_0020_01C2BF1B.87850860
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0021_01C2BF1B.87850860"
------=_NextPart_001_0021_01C2BF1B.87850860
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Because the thread started with new features =3D=3D new =
vulnerabilities and branched from a thread discussing a less feature = rich
player like WMP 6.x. Media playback is constant across the board = and
would not support a claim of new vulnerabilities being due to new = WMP9
features.
Rich
"Randy H" wrote in message =
news:3e29f939{at}w3.nls.net...
Why the exclusion of new features related to media playback?=20
"Rich" wrote in message news:3e29aacb{at}w3.nls.net...
Yep along with whether they are due to new features, specificly =
those not related to media playback.
Rich
"Randy H" wrote in message =
news:3e29747e{at}w3.nls.net...
We'll just have to wait and see what vulnerabilities do surface =
with WMP9. =20
"Rich" wrote in message news:3e279d79{at}w3.nls.net...
If you were to look at these you would find that the more =
recent more feature rich players have fewer issues than older players =
pretty much refuting the insinuation that more features =3D=3D more =
vulnerabilities. WMP 8.0 for Windows XP has two or if you stretch three =
issues. Of those two, one was common to all players and one was an old =
feature retained for compatility and the vulnerability was not with WMP =
but an issue of WMP exposing something that could be used against =
something else.
I suspect if you look at other media players you would likely =
find the same. Not that Real Player has had a great track record lately =
but I suspect newer versions are better than old ones.
Rich
"Randy H" wrote in message =
news:3e2768da{at}w3.nls.net...
Some of these look old, but I'm not at all surpised.=20
"Geo." wrote in message =
news:3e2762a0{at}w3.nls.net...
"Randy H" wrote
in message =
news:3e2756fa{at}w3.nls.net...
> What I'd like to know is how many new vulnerability =
vectors these
> new features have added.
2002-10-18: Windows Media Player For Solaris Default =
World Writeable Permissions Vulnerability=20
2002-08-22: Microsoft Windows Media Player File =
Attachment Script Execution Vulnerability=20
2002-07-30: Microsoft Windows Media Player =
Filename Buffer Overflow Vulnerability=20
2002-07-25: Windows Media Player IE Cache Path =
Disclosure Vulnerability=20
2002-06-27: Windows Media Player Playlist HTML =
Script Execution Vulnerability=20
2002-06-27: Windows Media Player WMDM Privilege =
Escalation Vulnerability=20
2001-11-20: Windows Media Player Internet =
Shortcut Execution Vulnerability=20
2001-11-20: Microsoft Windows Media Player .NSC =
File Buffer Overflow Vulnerability=20
2001-11-20: Microsoft Windows Media Player .ASF =
Marker Buffer Overflow Vulnerability=20
2001-08-13: Windows Media Player .ASX 'Version' =
Buffer Overflow Vulnerability=20
2001-05-26: Microsoft Windows Media Player .ASX =
Buffer Overflow Vulnerability=20
2001-05-02: Windows Media Player .ASX Buffer =
Overflow Vulnerability=20
2001-02-14: Microsoft Windows Media Player .WMZ =
Arbitrary Java Applet Vulnerability=20
2001-01-01: Microsoft Windows Media Player =
Javascript URL Vulnerability=20
2000-11-22: Microsoft Windows Media Player .WMS =
Arbitrary Script Vulnerability=20
2000-09-26: Microsoft Windows Media Player 7 =
Embedded OCX Control Vulnerability=20
=20
=20
------=_NextPart_001_0021_01C2BF1B.87850860
Content-Type: text/html;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Because
the thread started =
with new=20
features =3D=3D new vulnerabilities and branched from a thread = discussing a less=20
feature rich player like WMP 6.x. Media playback is constant =
across the=20
board and would not support a claim of new vulnerabilities being due to = new WMP9=20
features.
Rich
"Randy H" <randy_holcomb{at}attglobal.netmailto:randy_holcomb{at}attglobal.net">randy_holcomb{at}attglobal.net
A>>=20
wrote in message news:3e29f939{at}w3.nls.net...
Why the exclusion of new features related
to media =
playback?=20
"Rich" <{at}> wrote in message news:3e29aacb{at}w3.nls.net...
Yep
along with whether =
they are=20
due to new features, specificly those not related to media=20
playback.
Rich
"Randy H" <randy_holcomb{at}attglobal.netmailto:randy_holcomb{at}attglobal.net">randy_holcomb{at}attglobal.net
A>>=20
wrote in message news:3e29747e{at}w3.nls.net...
We'll just have to wait and see what=20
vulnerabilities do surface with WMP9.
"Rich" <{at}> wrote in message news:3e279d79{at}w3.nls.net...
If you were to =
look at these=20
you would find that the more recent more feature rich players =
have fewer=20
issues than older players pretty much refuting the insinuation =
that more=20
features =3D=3D more vulnerabilities. WMP 8.0 for Windows =
XP has two=20
or if you stretch three issues. Of those two, one was =
common to=20
all players and one was an old feature retained for compatility =
and the=20
vulnerability was not with WMP but an issue of WMP exposing =
something=20
that could be used against something else.
I
suspect if you =
look at other=20
media players you would likely find the same. Not that =
Real Player=20
has had a great track record lately but I suspect newer versions =
are=20
better than old ones.
Rich
"Randy H" <randy_holcomb{at}attglobal.netmailto:randy_holcomb{at}attglobal.net">randy_holcomb{at}attglobal.net
A>>=20
wrote in message news:3e2768da{at}w3.nls.net...
Some of these look old, but I'm
not at all =
surpised.=20
"Geo." <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net>
=
wrote in=20
message news:3e2762a0{at}w3.nls.net...
"Randy H"
<mailto:randy_holcomb{at}attglobal.net">
size=3D2>randy_holcomb{at}attglobal.net> wrote=20
in message news:3e2756fa{at}w3.nls.net...
> What I'd like to know
is how many =
new=20
vulnerability vectors these> new features have=20
added.
=20
![3D""=20](3D"<A)
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-10-18:
Windows=20">http://online.securityfocus.com/bid/6003">Windows=20
Media Player For Solaris Default World Writeable =
Permissions Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-08-22:
Microsoft=20">http://online.securityfocus.com/bid/5543">Microsoft=20
Windows Media Player File Attachment Script =
Execution=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-07-30:
Microsoft=20">http://online.securityfocus.com/bid/5357">Microsoft=20
Windows Media Player Filename Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-07-25:
Windows=20">http://online.securityfocus.com/bid/5107">Windows=20
Media Player IE Cache Path Disclosure=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-06-27:
Windows=20">http://online.securityfocus.com/bid/5110">Windows=20
Media Player Playlist HTML Script Execution=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-06-27:
Windows=20">http://online.securityfocus.com/bid/5109">Windows=20
Media Player WMDM Privilege Escalation=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-11-20:
Windows=20">http://online.securityfocus.com/bid/2765">Windows=20
Media Player Internet Shortcut Execution=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-11-20:
Microsoft=20">http://online.securityfocus.com/bid/3105">Microsoft=20
Windows Media Player .NSC File Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-11-20:
Microsoft=20">http://online.securityfocus.com/bid/3156">Microsoft=20
Windows Media Player .ASF Marker Buffer Overflow =
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-08-13:
Windows=20">http://online.securityfocus.com/bid/2686">Windows=20
Media Player .ASX 'Version' Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-05-26:
Microsoft=20">http://online.securityfocus.com/bid/1980">Microsoft=20
Windows Media Player .ASX Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-05-02:
Windows=20">http://online.securityfocus.com/bid/2677">Windows=20
Media Player .ASX Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-02-14:
Microsoft=20">http://online.securityfocus.com/bid/2203">Microsoft=20
Windows Media Player .WMZ Arbitrary Java Applet=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-01-01:
Microsoft=20">http://online.securityfocus.com/bid/2167">Microsoft=20
Windows Media Player Javascript URL=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2000-11-22:
Microsoft=20">http://online.securityfocus.com/bid/1976">Microsoft=20
Windows Media Player .WMS Arbitrary Script=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2000-09-26:
Microsoft=20">http://online.securityfocus.com/bid/1714">Microsoft=20
Windows Media Player 7 Embedded OCX Control=20
=
Vulnerability
------=_NextPart_001_0021_01C2BF1B.87850860--
------=_NextPart_000_0020_01C2BF1B.87850860
Content-Type: image/gif;
name="bllt_rd_1.gif"
Content-Transfer-Encoding: base64
Content-Location: http://online.securityfocus.com/sfonline/images/build/bllt_rd
_1.gif
R0lGODlhBQAKAIAAAMDAwJYAGCH5BAEAAAAALAAAAAAFAAoAQAILhG8RyKC+2nlPqgIAOw==
------=_NextPart_000_0020_01C2BF1B.87850860--
--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267
SOURCE: echomail via fidonet.ozzmosis.com
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.