Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Media player users beware: move vulns ahead

Reply
Thread Tools

Media player users beware: move vulns ahead

 
 
Au79
Guest
Posts: n/a
 
      12-11-2007
Register - London,England,UK

Secunia describes the Windows Media Player vulnerabilities as "highly
critical," the second-highest rating on Secunia's five-tier scale ...

<http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>

--
....................
http://www.vanwensveen.nl/rants/microsoft/IhateMS.html
http://rixstep.com/1/20040719,00.shtml
http://en.wikipedia.org/wiki/Linux
http://www.ubuntu.com
 
Reply With Quote
 
 
 
 
Rgr
Guest
Posts: n/a
 
      12-11-2007
Au79 wrote:
> Register - London,England,UK
>
> Secunia describes the Windows Media Player vulnerabilities as "highly
> critical," the second-highest rating on Secunia's five-tier scale ...


Is that like "terror alert orange"?
 
Reply With Quote
 
 
 
 
Fuzzy Logic
Guest
Posts: n/a
 
      12-11-2007
Au79 <(E-Mail Removed)> wrote in news:_ir7j.2917$(E-Mail Removed):

> Register - London,England,UK
>
> Secunia describes the Windows Media Player vulnerabilities as "highly
> critical," the second-highest rating on Secunia's five-tier scale ...
>
><http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>
>


First the article is incorrect:

A researcher who goes by the name SYS 49152 released exploit code here, here
and here that targets Windows Media Player 6.4 and Windows Media Player
Classic, which are made by Microsoft, and AOL's Winamp version 3.5. Each
uses the 3ivx MP4 codec, which is vulnerable to a stack overflow.

---

Windows Media Player Classic is not a Microsoft product.

The patch for this vulnerability is part of this months WindowsUpdate
releases. More info can be found here:

http://www.microsoft.com/technet/sec.../MS07-068.mspx
 
Reply With Quote
 
Sunny
Guest
Posts: n/a
 
      12-12-2007

"Au79" <(E-Mail Removed)> wrote in message
news:_ir7j.2917$(E-Mail Removed)...
> Register - London,England,UK
>
> Secunia describes the Windows Media Player vulnerabilities as "highly
> critical," the second-highest rating on Secunia's five-tier scale ...


May have to play "secure" Linux music ?


 
Reply With Quote
 
Au79
Guest
Posts: n/a
 
      12-12-2007
Fuzzy Logic wrote:

> Au79 <(E-Mail Removed)> wrote in news:_ir7j.2917$(E-Mail Removed):
>
>> Register - London,England,UK
>>
>> Secunia describes the Windows Media Player vulnerabilities as "highly
>> critical," the second-highest rating on Secunia's five-tier scale ...
>>
>><http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>
>>

>
> First the article is incorrect:
>
> A researcher who goes by the name SYS 49152 released exploit code here,
> here and here that targets Windows Media Player 6.4 and Windows Media
> Player Classic, which are made by Microsoft, and AOL's Winamp version 3.5.
> Each uses the 3ivx MP4 codec, which is vulnerable to a stack overflow.
>
> ---
>
> Windows Media Player Classic is not a Microsoft product.
>
> The patch for this vulnerability is part of this months WindowsUpdate
> releases. More info can be found here:
>
> http://www.microsoft.com/technet/sec.../MS07-068.mspx


Great, all the while millions of computers have already been compromised.
Doesn't ms windos really, really suck? Why, yes, it really does! Patches
and all.


--
....................
http://www.vanwensveen.nl/rants/microsoft/IhateMS.html
http://rixstep.com/1/20040719,00.shtml
http://en.wikipedia.org/wiki/Linux
http://www.ubuntu.com
 
Reply With Quote
 
Fuzzy Logic
Guest
Posts: n/a
 
      12-12-2007
Au79 <(E-Mail Removed)> wrote in news:5mM7j.6824$(E-Mail Removed):

> Fuzzy Logic wrote:
>
>> Au79 <(E-Mail Removed)> wrote in news:_ir7j.2917$(E-Mail Removed):
>>
>>> Register - London,England,UK
>>>
>>> Secunia describes the Windows Media Player vulnerabilities as "highly
>>> critical," the second-highest rating on Secunia's five-tier scale ...
>>>
>>><http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>
>>>

>>
>> First the article is incorrect:
>>
>> A researcher who goes by the name SYS 49152 released exploit code here,
>> here and here that targets Windows Media Player 6.4 and Windows Media
>> Player Classic, which are made by Microsoft, and AOL's Winamp version

3.5.
>> Each uses the 3ivx MP4 codec, which is vulnerable to a stack overflow.
>>
>> ---
>>
>> Windows Media Player Classic is not a Microsoft product.
>>
>> The patch for this vulnerability is part of this months WindowsUpdate
>> releases. More info can be found here:
>>
>> http://www.microsoft.com/technet/sec.../MS07-068.mspx

>
> Great, all the while millions of computers have already been compromised.
> Doesn't ms windos really, really suck? Why, yes, it really does! Patches
> and all.


You are of course entitled to your opinion. I don't agree with it.

Again this vulnerability would require the user to open a specially crafted
file (social engineering) to take advantage of this vulnerability. You have
already admitted that your beloved OS is also vulnerable to social
engineering attacks. It's extremely unlikely that millions of computers have
been comprimised as a result of this vulnerability. Feel free to supply
statistics to the contrary.
 
Reply With Quote
 
Sunny
Guest
Posts: n/a
 
      12-13-2007

"Au79" <(E-Mail Removed)> wrote in message
news:5mM7j.6824$(E-Mail Removed)...
> Great, all the while millions of computers have already been
> compromised.
> Doesn't ms windos really, really suck? Why, yes, it really does! Patches
> and all.


What's your problem? you don't use Windows.
Do you have problems with lots of things you don't use?


 
Reply With Quote
 
Au79
Guest
Posts: n/a
 
      12-13-2007
Sunny wrote:

>
> "Au79" <(E-Mail Removed)> wrote in message
> news:5mM7j.6824$(E-Mail Removed)...
>> Great, all the while millions of computers have already been
>> compromised.
>> Doesn't ms windos really, really suck? Why, yes, it really does! Patches
>> and all.

>
> What's your problem? you don't use Windows.
> Do you have problems with lots of things you don't use?


Sometimes, such as bloody cigarettes.

--
....................
http://www.vanwensveen.nl/rants/microsoft/IhateMS.html
http://rixstep.com/1/20040719,00.shtml
http://en.wikipedia.org/wiki/Linux
http://www.ubuntu.com
 
Reply With Quote
 
Au79
Guest
Posts: n/a
 
      12-13-2007
Fuzzy Logic wrote:

> Au79 <(E-Mail Removed)> wrote in news:5mM7j.6824$(E-Mail Removed):
>
>> Fuzzy Logic wrote:
>>
>>> Au79 <(E-Mail Removed)> wrote in news:_ir7j.2917$(E-Mail Removed):
>>>
>>>> Register - London,England,UK
>>>>
>>>> Secunia describes the Windows Media Player vulnerabilities as "highly
>>>> critical," the second-highest rating on Secunia's five-tier scale ...
>>>>
>>>><http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>
>>>>
>>>
>>> First the article is incorrect:
>>>
>>> A researcher who goes by the name SYS 49152 released exploit code here,
>>> here and here that targets Windows Media Player 6.4 and Windows Media
>>> Player Classic, which are made by Microsoft, and AOL's Winamp version

> 3.5.
>>> Each uses the 3ivx MP4 codec, which is vulnerable to a stack overflow.
>>>
>>> ---
>>>
>>> Windows Media Player Classic is not a Microsoft product.
>>>
>>> The patch for this vulnerability is part of this months WindowsUpdate
>>> releases. More info can be found here:
>>>
>>> http://www.microsoft.com/technet/sec.../MS07-068.mspx

>>
>> Great, all the while millions of computers have already been compromised.
>> Doesn't ms windos really, really suck? Why, yes, it really does! Patches
>> and all.

>
> You are of course entitled to your opinion. I don't agree with it.
>
> Again this vulnerability would require the user to open a specially
> crafted file (social engineering) to take advantage of this vulnerability.
> You have already admitted that your beloved OS is also vulnerable to
> social engineering attacks. It's extremely unlikely that millions of
> computers have been comprimised as a result of this vulnerability. Feel
> free to supply statistics to the contrary.


You very well know that the number of exploitative vulnerabilities which
require NO user cooperation are legion in your ms world.

Windos has many, many transmitable diseases that require user awareness,
user education, and user protection from the AV mafia. Yet who's going to
argue that a windos machine can be "hit" without the user ever knowing
about it?

I hope not you fuz, that would be unthinkable.

--
....................
http://www.vanwensveen.nl/rants/microsoft/IhateMS.html
http://rixstep.com/1/20040719,00.shtml
http://en.wikipedia.org/wiki/Linux
http://www.ubuntu.com
 
Reply With Quote
 
Fuzzy Logic
Guest
Posts: n/a
 
      12-13-2007
Au79 <(E-Mail Removed)> wrote in news:OO48j.3999$(E-Mail Removed):

> Fuzzy Logic wrote:
>
>> Au79 <(E-Mail Removed)> wrote in news:5mM7j.6824$(E-Mail Removed):
>>
>>> Fuzzy Logic wrote:
>>>
>>>> Au79 <(E-Mail Removed)> wrote in news:_ir7j.2917$(E-Mail Removed):
>>>>
>>>>> Register - London,England,UK
>>>>>
>>>>> Secunia describes the Windows Media Player vulnerabilities as
>>>>> "highly critical," the second-highest rating on Secunia's five-tier
>>>>> scale ...
>>>>>
>>>>><http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>
>>>>>
>>>>
>>>> First the article is incorrect:
>>>>
>>>> A researcher who goes by the name SYS 49152 released exploit code
>>>> here, here and here that targets Windows Media Player 6.4 and Windows
>>>> Media Player Classic, which are made by Microsoft, and AOL's Winamp
>>>> version

>> 3.5.
>>>> Each uses the 3ivx MP4 codec, which is vulnerable to a stack
>>>> overflow.
>>>>
>>>> ---
>>>>
>>>> Windows Media Player Classic is not a Microsoft product.
>>>>
>>>> The patch for this vulnerability is part of this months WindowsUpdate
>>>> releases. More info can be found here:
>>>>
>>>> http://www.microsoft.com/technet/sec.../MS07-068.mspx
>>>
>>> Great, all the while millions of computers have already been
>>> compromised. Doesn't ms windos really, really suck? Why, yes, it
>>> really does! Patches and all.

>>
>> You are of course entitled to your opinion. I don't agree with it.
>>
>> Again this vulnerability would require the user to open a specially
>> crafted file (social engineering) to take advantage of this
>> vulnerability. You have already admitted that your beloved OS is also
>> vulnerable to social engineering attacks. It's extremely unlikely that
>> millions of computers have been comprimised as a result of this
>> vulnerability. Feel free to supply statistics to the contrary.

>
> You very well know that the number of exploitative vulnerabilities which
> require NO user cooperation are legion in your ms world.


Name 3 such vulnerabilities that haven't been patched? I assume you mean
that no user intervention means it will happen with just the computer on
and connected to the Internet. If I have to visit a malicious web site or
open some file that's social engineering.

> Windos has many, many transmitable diseases that require user awareness,
> user education, and user protection from the AV mafia. Yet who's going
> to argue that a windos machine can be "hit" without the user ever
> knowing about it?
>
> I hope not you fuz, that would be unthinkable.


I will admit that this is possible but VERY RARE if your machine is
properly maintained and you practice safe computing. Of course if you
frequent porn and warez sites, click on every link emailed to you and open
every attachment you will likely be in big trouble in short order.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows 7, Media Player - Settings for Media Serving NOT being savedfor Home Group Tim Wells Windows 64bit 0 10-27-2009 01:26 PM
Media player / Media Center? Channelkat Windows 64bit 1 03-25-2008 04:50 PM
Windows Media Player - Download Media Info From Internet is Greyed Out Alan NZ Computing 3 02-27-2006 10:38 PM
How to show a Real Player or Media Player on my Web page? cyshao ASP .Net 1 04-12-2005 02:10 AM
mp3 player windows media player Bigfred Computer Support 1 10-28-2003 09:46 PM



Advertisments