From: "Randy H"
This is a multi-part message in MIME format.
------=_NextPart_000_005A_01C2BDC8.1401B400
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_005B_01C2BDC8.1401B400"
------=_NextPart_001_005B_01C2BDC8.1401B400
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
We'll just have to wait and see what vulnerabilities do surface with = WMP9. =20
"Rich" wrote in message news:3e279d79{at}w3.nls.net...
If you were to look at these you would find that the more recent =
more feature rich players have fewer issues than older players pretty =
much refuting the insinuation that more features =3D=3D more =
vulnerabilities. WMP 8.0 for Windows XP has two or if you stretch three =
issues. Of those two, one was common to all players and one was an old =
feature retained for compatility and the vulnerability was not with WMP =
but an issue of WMP exposing something that could be used against =
something else.
I suspect if you look at other media players you would likely find =
the same. Not that Real Player has had a great track record lately but = I
suspect newer versions are better than old ones.
Rich
"Randy H" wrote in message =
news:3e2768da{at}w3.nls.net...
Some of these look old, but I'm not at all surpised.=20
"Geo." wrote in message =
news:3e2762a0{at}w3.nls.net...
"Randy H" wrote in message =
news:3e2756fa{at}w3.nls.net...
> What I'd like to know is how many new vulnerability vectors =
these
> new features have added.
2002-10-18: Windows Media Player For Solaris Default World =
Writeable Permissions Vulnerability=20
2002-08-22: Microsoft Windows Media Player File =
Attachment Script Execution Vulnerability=20
2002-07-30: Microsoft Windows Media Player Filename =
Buffer Overflow Vulnerability=20
2002-07-25: Windows Media Player IE Cache Path =
Disclosure Vulnerability=20
2002-06-27: Windows Media Player Playlist HTML Script =
Execution Vulnerability=20
2002-06-27: Windows Media Player WMDM Privilege =
Escalation Vulnerability=20
2001-11-20: Windows Media Player Internet Shortcut =
Execution Vulnerability=20
2001-11-20: Microsoft Windows Media Player .NSC File =
Buffer Overflow Vulnerability=20
2001-11-20: Microsoft Windows Media Player .ASF =
Marker Buffer Overflow Vulnerability=20
2001-08-13: Windows Media Player .ASX 'Version' =
Buffer Overflow Vulnerability=20
2001-05-26: Microsoft Windows Media Player .ASX =
Buffer Overflow Vulnerability=20
2001-05-02: Windows Media Player .ASX Buffer Overflow =
Vulnerability=20
2001-02-14: Microsoft Windows Media Player .WMZ =
Arbitrary Java Applet Vulnerability=20
2001-01-01: Microsoft Windows Media Player Javascript =
URL Vulnerability=20
2000-11-22: Microsoft Windows Media Player .WMS =
Arbitrary Script Vulnerability=20
2000-09-26: Microsoft Windows Media Player 7 Embedded =
OCX Control Vulnerability=20
=20
=20
------=_NextPart_001_005B_01C2BDC8.1401B400
Content-Type: text/html;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
We'll just have to wait and see what =
vulnerabilities do=20
surface with WMP9.
"Rich" <{at}> wrote in message news:3e279d79{at}w3.nls.net...
If you
were to look at =
these you=20
would find that the more recent more feature rich players have fewer =
issues=20
than older players pretty much refuting the insinuation that more =
features =3D=3D=20
more vulnerabilities. WMP 8.0 for Windows XP has two or if you =
stretch=20
three issues. Of those two, one was common to all players and =
one was an=20
old feature retained for compatility and the vulnerability was not =
with WMP=20
but an issue of WMP exposing something that could be used against =
something=20
else.
I
suspect if you look at =
other media=20
players you would likely find the same. Not that Real Player has =
had a=20
great track record lately but I suspect newer versions are better than =
old=20
ones.
Rich
"Randy H" <randy_holcomb{at}attglobal.netmailto:randy_holcomb{at}attglobal.net">randy_holcomb{at}attglobal.net
A>>=20
wrote in message news:3e2768da{at}w3.nls.net...
Some of these look old, but I'm not at all =
surpised.=20
"Geo." <georger{at}nls.net>=20">mailto:georger{at}nls.net">georger{at}nls.net>=20
wrote in message news:3e2762a0{at}w3.nls.net...
"Randy H"
<mailto:randy_holcomb{at}attglobal.net">
size=3D2>randy_holcomb{at}attglobal.net> =
wrote in=20
message news:3e2756fa{at}w3.nls.net...
> What I'd like to know is how
many new =
vulnerability=20
vectors these> new features have
added.
=20
![3D""=20](3D"<A)
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-10-18:
Windows">http://online.securityfocus.com/bid/6003">Windows Media=20
Player For Solaris Default World Writeable Permissions =
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-08-22:
Microsoft=20">http://online.securityfocus.com/bid/5543">Microsoft=20
Windows Media Player File Attachment Script Execution=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-07-30:
Microsoft=20">http://online.securityfocus.com/bid/5357">Microsoft=20
Windows Media Player Filename Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-07-25:
Windows">http://online.securityfocus.com/bid/5107">Windows Media=20
Player IE Cache Path Disclosure =
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-06-27:
Windows">http://online.securityfocus.com/bid/5110">Windows Media=20
Player Playlist HTML Script Execution =
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2002-06-27:
Windows">http://online.securityfocus.com/bid/5109">Windows Media=20
Player WMDM Privilege Escalation =
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-11-20:
Windows">http://online.securityfocus.com/bid/2765">Windows Media=20
Player Internet Shortcut Execution =
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-11-20:
Microsoft=20">http://online.securityfocus.com/bid/3105">Microsoft=20
Windows Media Player .NSC File Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-11-20:
Microsoft=20">http://online.securityfocus.com/bid/3156">Microsoft=20
Windows Media Player .ASF Marker Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-08-13:
Windows">http://online.securityfocus.com/bid/2686">Windows Media=20
Player .ASX 'Version' Buffer Overflow =
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-05-26:
Microsoft=20">http://online.securityfocus.com/bid/1980">Microsoft=20
Windows Media Player .ASX Buffer Overflow=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-05-02:
Windows">http://online.securityfocus.com/bid/2677">Windows Media=20
Player .ASX Buffer Overflow =
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-02-14:
Microsoft=20">http://online.securityfocus.com/bid/2203">Microsoft=20
Windows Media Player .WMZ Arbitrary Java Applet=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2001-01-01:
Microsoft=20">http://online.securityfocus.com/bid/2167">Microsoft=20
Windows Media Player Javascript URL =
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2000-11-22:
Microsoft=20">http://online.securityfocus.com/bid/1976">Microsoft=20
Windows Media Player .WMS Arbitrary Script=20
Vulnerability
http://online.securityfocus.com/sfonline/images/build/bllt_rd_1.gi=
f"=20
border=3D0>
2000-09-26:
Microsoft=20">http://online.securityfocus.com/bid/1714">Microsoft=20
Windows Media Player 7 Embedded OCX Control=20
=
Vulnerability
------=_NextPart_001_005B_01C2BDC8.1401B400--
------=_NextPart_000_005A_01C2BDC8.1401B400
Content-Type: image/gif;
name="bllt_rd_1.gif"
Content-Transfer-Encoding: base64
Content-Location: http://online.securityfocus.com/sfonline/images/build/bllt_rd
_1.gif
R0lGODlhBQAKAIAAAMDAwJYAGCH5BAEAAAAALAAAAAAFAAoAQAILhG8RyKC+2nlPqgIAOw==
------=_NextPart_000_005A_01C2BDC8.1401B400--
--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267
SOURCE: echomail via fidonet.ozzmosis.com
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.