Media player users beware: move vulns ahead

Discussion in 'Computer Support' started by Au79, Dec 11, 2007.

  1. Au79

    Au79 Guest

    Au79, Dec 11, 2007
    #1
    1. Advertising

  2. Au79

    Rôgêr Guest

    Au79 wrote:
    > Register - London,England,UK
    >
    > Secunia describes the Windows Media Player vulnerabilities as "highly
    > critical," the second-highest rating on Secunia's five-tier scale ...


    Is that like "terror alert orange"?
     
    Rôgêr, Dec 11, 2007
    #2
    1. Advertising

  3. Au79

    Fuzzy Logic Guest

    Au79 <> wrote in news:_ir7j.2917$:

    > Register - London,England,UK
    >
    > Secunia describes the Windows Media Player vulnerabilities as "highly
    > critical," the second-highest rating on Secunia's five-tier scale ...
    >
    ><http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>
    >


    First the article is incorrect:

    A researcher who goes by the name SYS 49152 released exploit code here, here
    and here that targets Windows Media Player 6.4 and Windows Media Player
    Classic, which are made by Microsoft, and AOL's Winamp version 3.5. Each
    uses the 3ivx MP4 codec, which is vulnerable to a stack overflow.

    ---

    Windows Media Player Classic is not a Microsoft product.

    The patch for this vulnerability is part of this months WindowsUpdate
    releases. More info can be found here:

    http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
     
    Fuzzy Logic, Dec 11, 2007
    #3
  4. Au79

    Sunny Guest

    "Au79" <> wrote in message
    news:_ir7j.2917$...
    > Register - London,England,UK
    >
    > Secunia describes the Windows Media Player vulnerabilities as "highly
    > critical," the second-highest rating on Secunia's five-tier scale ...


    May have to play "secure" Linux music ?
     
    Sunny, Dec 12, 2007
    #4
  5. Au79

    Au79 Guest

    Fuzzy Logic wrote:

    > Au79 <> wrote in news:_ir7j.2917$:
    >
    >> Register - London,England,UK
    >>
    >> Secunia describes the Windows Media Player vulnerabilities as "highly
    >> critical," the second-highest rating on Secunia's five-tier scale ...
    >>
    >><http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>
    >>

    >
    > First the article is incorrect:
    >
    > A researcher who goes by the name SYS 49152 released exploit code here,
    > here and here that targets Windows Media Player 6.4 and Windows Media
    > Player Classic, which are made by Microsoft, and AOL's Winamp version 3.5.
    > Each uses the 3ivx MP4 codec, which is vulnerable to a stack overflow.
    >
    > ---
    >
    > Windows Media Player Classic is not a Microsoft product.
    >
    > The patch for this vulnerability is part of this months WindowsUpdate
    > releases. More info can be found here:
    >
    > http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx


    Great, all the while millions of computers have already been compromised.
    Doesn't ms windos really, really suck? Why, yes, it really does! Patches
    and all.


    --
    ....................
    http://www.vanwensveen.nl/rants/microsoft/IhateMS.html
    http://rixstep.com/1/20040719,00.shtml
    http://en.wikipedia.org/wiki/Linux
    http://www.ubuntu.com
     
    Au79, Dec 12, 2007
    #5
  6. Au79

    Fuzzy Logic Guest

    Au79 <> wrote in news:5mM7j.6824$:

    > Fuzzy Logic wrote:
    >
    >> Au79 <> wrote in news:_ir7j.2917$:
    >>
    >>> Register - London,England,UK
    >>>
    >>> Secunia describes the Windows Media Player vulnerabilities as "highly
    >>> critical," the second-highest rating on Secunia's five-tier scale ...
    >>>
    >>><http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>
    >>>

    >>
    >> First the article is incorrect:
    >>
    >> A researcher who goes by the name SYS 49152 released exploit code here,
    >> here and here that targets Windows Media Player 6.4 and Windows Media
    >> Player Classic, which are made by Microsoft, and AOL's Winamp version

    3.5.
    >> Each uses the 3ivx MP4 codec, which is vulnerable to a stack overflow.
    >>
    >> ---
    >>
    >> Windows Media Player Classic is not a Microsoft product.
    >>
    >> The patch for this vulnerability is part of this months WindowsUpdate
    >> releases. More info can be found here:
    >>
    >> http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx

    >
    > Great, all the while millions of computers have already been compromised.
    > Doesn't ms windos really, really suck? Why, yes, it really does! Patches
    > and all.


    You are of course entitled to your opinion. I don't agree with it.

    Again this vulnerability would require the user to open a specially crafted
    file (social engineering) to take advantage of this vulnerability. You have
    already admitted that your beloved OS is also vulnerable to social
    engineering attacks. It's extremely unlikely that millions of computers have
    been comprimised as a result of this vulnerability. Feel free to supply
    statistics to the contrary.
     
    Fuzzy Logic, Dec 12, 2007
    #6
  7. Au79

    Sunny Guest

    "Au79" <> wrote in message
    news:5mM7j.6824$...
    > Great, all the while millions of computers have already been
    > compromised.
    > Doesn't ms windos really, really suck? Why, yes, it really does! Patches
    > and all.


    What's your problem? you don't use Windows.
    Do you have problems with lots of things you don't use?
     
    Sunny, Dec 13, 2007
    #7
  8. Au79

    Au79 Guest

    Sunny wrote:

    >
    > "Au79" <> wrote in message
    > news:5mM7j.6824$...
    >> Great, all the while millions of computers have already been
    >> compromised.
    >> Doesn't ms windos really, really suck? Why, yes, it really does! Patches
    >> and all.

    >
    > What's your problem? you don't use Windows.
    > Do you have problems with lots of things you don't use?


    Sometimes, such as bloody cigarettes.

    --
    ....................
    http://www.vanwensveen.nl/rants/microsoft/IhateMS.html
    http://rixstep.com/1/20040719,00.shtml
    http://en.wikipedia.org/wiki/Linux
    http://www.ubuntu.com
     
    Au79, Dec 13, 2007
    #8
  9. Au79

    Au79 Guest

    Fuzzy Logic wrote:

    > Au79 <> wrote in news:5mM7j.6824$:
    >
    >> Fuzzy Logic wrote:
    >>
    >>> Au79 <> wrote in news:_ir7j.2917$:
    >>>
    >>>> Register - London,England,UK
    >>>>
    >>>> Secunia describes the Windows Media Player vulnerabilities as "highly
    >>>> critical," the second-highest rating on Secunia's five-tier scale ...
    >>>>
    >>>><http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>
    >>>>
    >>>
    >>> First the article is incorrect:
    >>>
    >>> A researcher who goes by the name SYS 49152 released exploit code here,
    >>> here and here that targets Windows Media Player 6.4 and Windows Media
    >>> Player Classic, which are made by Microsoft, and AOL's Winamp version

    > 3.5.
    >>> Each uses the 3ivx MP4 codec, which is vulnerable to a stack overflow.
    >>>
    >>> ---
    >>>
    >>> Windows Media Player Classic is not a Microsoft product.
    >>>
    >>> The patch for this vulnerability is part of this months WindowsUpdate
    >>> releases. More info can be found here:
    >>>
    >>> http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx

    >>
    >> Great, all the while millions of computers have already been compromised.
    >> Doesn't ms windos really, really suck? Why, yes, it really does! Patches
    >> and all.

    >
    > You are of course entitled to your opinion. I don't agree with it.
    >
    > Again this vulnerability would require the user to open a specially
    > crafted file (social engineering) to take advantage of this vulnerability.
    > You have already admitted that your beloved OS is also vulnerable to
    > social engineering attacks. It's extremely unlikely that millions of
    > computers have been comprimised as a result of this vulnerability. Feel
    > free to supply statistics to the contrary.


    You very well know that the number of exploitative vulnerabilities which
    require NO user cooperation are legion in your ms world.

    Windos has many, many transmitable diseases that require user awareness,
    user education, and user protection from the AV mafia. Yet who's going to
    argue that a windos machine can be "hit" without the user ever knowing
    about it?

    I hope not you fuz, that would be unthinkable.

    --
    ....................
    http://www.vanwensveen.nl/rants/microsoft/IhateMS.html
    http://rixstep.com/1/20040719,00.shtml
    http://en.wikipedia.org/wiki/Linux
    http://www.ubuntu.com
     
    Au79, Dec 13, 2007
    #9
  10. Au79

    Fuzzy Logic Guest

    Au79 <> wrote in news:OO48j.3999$:

    > Fuzzy Logic wrote:
    >
    >> Au79 <> wrote in news:5mM7j.6824$:
    >>
    >>> Fuzzy Logic wrote:
    >>>
    >>>> Au79 <> wrote in news:_ir7j.2917$:
    >>>>
    >>>>> Register - London,England,UK
    >>>>>
    >>>>> Secunia describes the Windows Media Player vulnerabilities as
    >>>>> "highly critical," the second-highest rating on Secunia's five-tier
    >>>>> scale ...
    >>>>>
    >>>>><http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/>
    >>>>>
    >>>>
    >>>> First the article is incorrect:
    >>>>
    >>>> A researcher who goes by the name SYS 49152 released exploit code
    >>>> here, here and here that targets Windows Media Player 6.4 and Windows
    >>>> Media Player Classic, which are made by Microsoft, and AOL's Winamp
    >>>> version

    >> 3.5.
    >>>> Each uses the 3ivx MP4 codec, which is vulnerable to a stack
    >>>> overflow.
    >>>>
    >>>> ---
    >>>>
    >>>> Windows Media Player Classic is not a Microsoft product.
    >>>>
    >>>> The patch for this vulnerability is part of this months WindowsUpdate
    >>>> releases. More info can be found here:
    >>>>
    >>>> http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
    >>>
    >>> Great, all the while millions of computers have already been
    >>> compromised. Doesn't ms windos really, really suck? Why, yes, it
    >>> really does! Patches and all.

    >>
    >> You are of course entitled to your opinion. I don't agree with it.
    >>
    >> Again this vulnerability would require the user to open a specially
    >> crafted file (social engineering) to take advantage of this
    >> vulnerability. You have already admitted that your beloved OS is also
    >> vulnerable to social engineering attacks. It's extremely unlikely that
    >> millions of computers have been comprimised as a result of this
    >> vulnerability. Feel free to supply statistics to the contrary.

    >
    > You very well know that the number of exploitative vulnerabilities which
    > require NO user cooperation are legion in your ms world.


    Name 3 such vulnerabilities that haven't been patched? I assume you mean
    that no user intervention means it will happen with just the computer on
    and connected to the Internet. If I have to visit a malicious web site or
    open some file that's social engineering.

    > Windos has many, many transmitable diseases that require user awareness,
    > user education, and user protection from the AV mafia. Yet who's going
    > to argue that a windos machine can be "hit" without the user ever
    > knowing about it?
    >
    > I hope not you fuz, that would be unthinkable.


    I will admit that this is possible but VERY RARE if your machine is
    properly maintained and you practice safe computing. Of course if you
    frequent porn and warez sites, click on every link emailed to you and open
    every attachment you will likely be in big trouble in short order.
     
    Fuzzy Logic, Dec 13, 2007
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Joe
    Replies:
    49
    Views:
    1,162
  2. 7

    Re: Oops, IE users, beware.

    7, Nov 30, 2005, in forum: Computer Support
    Replies:
    2
    Views:
    422
    new identity
    Nov 30, 2005
  3. Alan
    Replies:
    3
    Views:
    1,892
  4. XPD

    vista users beware....

    XPD, Oct 8, 2006, in forum: NZ Computing
    Replies:
    83
    Views:
    1,642
    Lawrence D'Oliveiro
    Dec 9, 2006
  5. Amey Abhyankar.

    "MCNGP" a SPAM ! Beware users !!

    Amey Abhyankar., Apr 6, 2005, in forum: MCSA
    Replies:
    2
    Views:
    499
    Rowdy Yates
    Apr 6, 2005
Loading...

Share This Page