Au79 <> wrote in news:OO48j.3999$:
> Fuzzy Logic wrote:
>
>> Au79 <> wrote in news:5mM7j.6824$:
>>
>>> Fuzzy Logic wrote:
>>>
>>>> Au79 <> wrote in news:_ir7j.2917$:
>>>>
>>>>> Register - London,England,UK
>>>>>
>>>>> Secunia describes the Windows Media Player vulnerabilities as
>>>>> "highly critical," the second-highest rating on Secunia's five-tier
>>>>> scale ...
>>>>>
>>>>><http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>
>>>>>
>>>>
>>>> First the article is incorrect:
>>>>
>>>> A researcher who goes by the name SYS 49152 released exploit code
>>>> here, here and here that targets Windows Media Player 6.4 and Windows
>>>> Media Player Classic, which are made by Microsoft, and AOL's Winamp
>>>> version
>> 3.5.
>>>> Each uses the 3ivx MP4 codec, which is vulnerable to a stack
>>>> overflow.
>>>>
>>>> ---
>>>>
>>>> Windows Media Player Classic is not a Microsoft product.
>>>>
>>>> The patch for this vulnerability is part of this months WindowsUpdate
>>>> releases. More info can be found here:
>>>>
>>>> http://www.microsoft.com/technet/sec.../MS07-068.mspx
>>>
>>> Great, all the while millions of computers have already been
>>> compromised. Doesn't ms windos really, really suck? Why, yes, it
>>> really does! Patches and all.
>>
>> You are of course entitled to your opinion. I don't agree with it.
>>
>> Again this vulnerability would require the user to open a specially
>> crafted file (social engineering) to take advantage of this
>> vulnerability. You have already admitted that your beloved OS is also
>> vulnerable to social engineering attacks. It's extremely unlikely that
>> millions of computers have been comprimised as a result of this
>> vulnerability. Feel free to supply statistics to the contrary.
>
> You very well know that the number of exploitative vulnerabilities which
> require NO user cooperation are legion in your ms world.
Name 3 such vulnerabilities that haven't been patched? I assume you mean
that no user intervention means it will happen with just the computer on
and connected to the Internet. If I have to visit a malicious web site or
open some file that's social engineering.
> Windos has many, many transmitable diseases that require user awareness,
> user education, and user protection from the AV mafia. Yet who's going
> to argue that a windos machine can be "hit" without the user ever
> knowing about it?
>
> I hope not you fuz, that would be unthinkable.
I will admit that this is possible but VERY RARE if your machine is
properly maintained and you practice safe computing. Of course if you
frequent porn and warez sites, click on every link emailed to you and open
every attachment you will likely be in big trouble in short order.
Similar Threads
