Slashdot Mirror
Zero Day Exploit Found in Windows Media Player
filenavigator writes "Another zero day flaw has been reported in Windows Media player. It comes only one day after a serious zero day flaw was found in word. The flaw is dangerous because it involves IE and Outlook's ability to automatically launch .asx files. No fix from Microsoft has been announced yet."
Seems to be a bit like finding holes in swiss chese... inevitable....
Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
Must be Thursday.
P.S.,
This is what part of the alphabet would look like if Q and R were eliminated.
I know overflows are bad, but I honestly don't know much about how the allocator in a typical OS or RTL works. Could such a small (2-4 byte) overflow be used to execute arbitrary code? Is it actually possible to use that small of an overflow to screw up the allocator so badly that it'll execute arbitrary code? Or is this just a potential denial of service?
using namespace slashdot;
troll::post();
the second Zero Day Expoilt, or have i lost count
FYI, this does not seem to affect Windows Media Player 11, which is available via Windows Update or the WMP site.
It also does not affect Vista, both because Vista comes with WMP 11, and thanks to IE7 running in protected mode. This would likely cause the browser to crash, however.
..., it's a flaw. I'll be impressed if someone can do anything with a 4 bytes heap overflow that happens at a single spot in the program they don'T control. Under ideal circumstances, they'll be able to tamper an integer in WMP.
A buffer overflow is a buffer overflow, but if you RTFA... you discover that the maximum overflow of the buffer is four bytes. Anybody know of any four-byte long spyware programs?
Didn't think so.
Nothing to see here. Move Along.
as people have commented, then why is it zero day? Doesn't zero day mean there is an exploit already?
Since when did a "potentially exploitable heap buffer overflow" become a zero-day exploit?
for those people that don't understand security or how to exploit a buffer overflow, In many cases 1 byte can be enough, you rewrite a function return address with your own address. That does not mean this is definitely exploitable, but don't let the fact that it is only 4 bytes fool you.
It worked for Knuth
The man in black fled across the desert, and the gunslinger followed (SK)
Nah.
x86 processors have a local jump instruction that is 4 bytes long. If the exploiter is able to get his code loaded within range of that jump instruction, you're fucked. And really, getting code loaded like that is not a difficult thing to do.
In fact, many x86 operating systems have used such a technique to dynamically patch kernel code. They insert a couple of nop operations after a function prologue. These operations normally do nothing, but can be replaced with a jump instruction at runtime. This allows for the instructions of the existing function to be replaced with ease.
Doesn't affect my Vista machine. Nor my XP Pro machine running IE7 + WMP 11.
Seeing things like this, I can't help but wonder what it might look like if every time a flaw was discovered in *Nix, and a security advisory (even if barely remotely applicable, as in this case) were released,and slashdotted. Maybe this post is flamebait too (seems to be my trend as of late), maybe not. But the title of this particular post, is pretty misleading.
0 day flaw! Congratulations. It's software. I still play games that if they run for more than 2 hours I'm lucky. The real problem is the testing, and the coding that goes into these. You fix one thing, and something else inevitably breaks.
How often does a kernel update in Linux break something that you now have to update, or sometimes roll back alltogether because they won't work.
This post is as Overdramatic as going nuts every single time something in Linux broke or didn't work right. Sometimes MS deserves to be thumped on the head. This time though, seriously, come on. Tell you what, run your 4 byte program that is gonna hax0r my computer. I invite it, might give me something to do.
Umm, do you know what you're talking about? All you do is jump over to your NOOP slide or whatever embedded in the data that slides all the way down to the program disguised as some part of the ASX file.
I don't know how large they are in x86 assembly, but the 86HC11 I used to write for didn't have any instructions bigger than four bytes unless I sadly misremember. Four bytes would've been plenty.
Don't laugh. Plenty of exploits have been coded that have more difficult requirements for the exploit to work.
Any piece of software is vulnerable to these sorts of attacks; the only way to prevent them is with flagging memory as unwritable (and possibly randomizing the memory blocks). Thank you, PaX.
Where's the "-1, Gay" modifier when you need it?
I want to delete my account but Slashdot doesn't allow it.
Um, how can you flag memory as unwritable if you need to write to it?
to botnet creators.
Microsoft have just given advance notification of what their bundle of patches to be released next Tuesday will contain. There are five general Windows bulletins there - no surprise that the most severe is 'critical' - but I'm kind of surprised to see they have no intention of shipping any Office-related fixes.
But it is not a flaw in the DRM, ao why ahould Microsoft care?
It's the one where Microsoft decided they will decide when and where and on what devices to allow you to play your media.
y er/faq/drm.mspx
4 523 is in plain engrish.
Any bright minds out there that willingly use these things lost control of all of their personal media.
http://www.microsoft.com/windows/windowsmedia/pla
http://www.theinquirer.net/default.aspx?article=3
I certainly hope you aren't running either Vista or WMP11.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
That sounds to me like something could *potentially* happen, but they haven't been able to actually prove it yet. And, the date on this discovery (according to the source article) was over two weeks ago. By now, wouldn't they have concluded something with their research?
The company does, however, sell a product to help mitigate "issues" like this.. which they link to at the bottom of their article.
-David
in.... Linux
Where's the "-1, Gay" modifier when you need it?
It got removed from slashcode at the same time the "-1, Nigger" mod went.
As a Windows user experimenting with Linux, I managed to make Linux kernel panic the very first time I booted it from my hard drive.
Of course I was trying to configure grub to triple boot manually... on Slackware. Ubuntu has it's own share of problems, like thinking my computer is running on GMT and "fixing" my clock for me to what it thinks is the actual local time. Then when I set it to the correct time, I can't use sudo or su for five hours because of a stupid sudo timestamp (I eventually figured out how to clear it but Joe Average wouldn't have).
The one really neat thing Linux has going for it is packages and automatic program installation and such... of course Joe Average isn't going to care about such things, since he just dumps everything in Program Files anyways and never knows.
Here, apparently.
He's not gay. If he were gay, he'd be telling us to buy a Mac.
"Live as if you'll die tomorrow." Ridiculous. You could die later today.
Goatse obviated the need for it. I suppose we *could* bring it back for the MS exploit articles, though.
C|N>K
4 bytes should be enough for anybody
First thing you you should do on a new N00buntu installation is `sudo passwd root` and set a strong password, so you don't have to deal with that sudo bullshit. If anyone gives you shit over this tell them an anonymous coward from slashdot said they are fucking idiot....and then backhand them across the face.
Good luck in your Linux adventures, and by sure to watch out for the evil binary blob monster.
Just re-installed Windows on a computer and updated everything except WMP11.
Don't worry I installed Debian too.
With WMP11, both your DRMed music and your clear music will play. On other platforms, only your clear music will play. Well, on the Apple platform your Apple DRMed music will play. (Speaking of Apple, it should be known that their DRM is just as bad).
If you don't like DRM, don't buy DRMed music. WMP11 will play your clear music just fine. Meanwhile, people who are buying DRMed music will be able to play it in WMP11 without affecting the experience of those who refuse to buy DRMed music.
Also, it is not Microsoft that chooses when, where, and on what devices you may play your media. They merely provided the mechanisms that allow content providers to make those decisions. Content providers are free to let you do anything you want with your music, or provide clear content entirely. Again, if you think a content provider's policy is too restrictive, do not buy music from them.
In short, I fail to see where this is a failing of WMP11 or Vista.
Is it just me, or did these "zero day exploits" suddenly come out of nowhere?
We used to hear about all kinds of interesting security vulnerabilities, flaws, buffer overruns, etc. Did someone reclassify everything as a "zero day exploit"?
Any bright minds out there that willingly use these things lost control of all of their personal media.
You're telling me that I've 'lost control' of the huge collection of Old Radio Program MP3s I have stuck in folder on the D:\ drive???
It's ludicrous to think that my, or anybody's 'control of all personal media' is governed by a binary on some Windoze box in a corner of their room.
I suppose it matters if you only have one peecee in your 'room' and mom decrees that you can only have Windoze installed on it.
Was a new version of Windows Media Player released today or something?
http://outcampaign.org/
Look the definition up.
If there's no exploit yet, it's not a zero-day flaw, it's just a hole in the software that *can* be exploited, either today or later.
Zero-day means that *right now* there are people already exploiting it, which the article does NOT state.
For me, winamp has always handled as much of windows media player file types as possble.
"Zero day" is only used cuz it sounds scary. First of all, it sounds like one particular problem with entering zero as a value for day in a program. Second, they said they definition specifically is an exploit that was just discovered and used immediately "in the wild." How the hell would they know how long people have been exploiting it and how long they've known about it before they implemented it. It's really just a stupid media ploy. Btw I'm a programmer and I can tell you that this exploit is relatively not dangerous at all because it's so difficult to exploit compared to other wide open holes that have been discovered like that one in IE that lets sites read your passwords for other sites without you really having to do anything or knowing it's happening. Now THAT is a security hole. I think a bigger security hole is the fact that wmv files can launch links to webpages and force you to download a file from them and they designed it that way on purpose because of DRM!!!!!
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
You're telling me that I've 'lost control' of the huge collection of Old Radio Program MP3s I have stuck in folder on the D:\ drive???
Uncertain. Hopefully you aren't getting the content from CD's. This is verbatim from the EULA:
"If the file is a song you ripped from a CD with the Copy protect music option turned on, you might be able to restore your usage rights by playing the file. You will be prompted to connect to a Microsoft Web page that explains how to restore your rights a limited number of times."
So, the CD you paid for unlimited rights to play where you want has been revoked. Permanently.
And you agreed to it. Can you go back to WMP10?
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
What is this 'copy protection music option' and what bit does it set in my Old Radio Show .mp3 files??
I paid for unlimited rights to play the CD. So I stick it in a CD player (i.e. in the dashboard of my car) and it plays.
Dunno what any of this has to do with Windows. I've certainly not 'lost control' of anything.
It is just slightly below: "Nothing to see here, please move along".
Excuse me, but please get off my Pennisetum Clandestinum, eh!
....please mod parent down to fucking retard, mod parent's parent down to master of the fucking obvious.
Have you ever tried installing windows media player past version 7 in wine? Even if you did manage to get it working and intentionally direct your media player to an exploit file, the exploit (if it worked at all) would be restrained to wine's boundaries... so unless you're ignorant enough to mount / as the virtual c drive in wine... there's no way this would even effect your linux box in the least. And this is all specualtion, I doubt you could even get it to do anything but crash wmp and wine.
You can't take the sky from me.
Not true. It only happens if input is not range checked. It usually means that some lazy idiot used one of the zero terminated string functions in C, instead of the new ones that have an explicit length. For example, strcpy() instead of strncpy().
Excuse me, but please get off my Pennisetum Clandestinum, eh!
This flaw is not "barely remotely applicable".
The vast majority of Windows users do not run Vista, IE7, or WMP11, even though all are technically available.
So this particular flaw affects most Windows users, and is thus important to those that have to deal with these users and/or their computers.
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
Having your computer decide for you what you're allowed to see or hear is something many people do not like.
wtf, where's the exploit??? This is just an announcement of a weakness... TFA calls it a Zero-Day Flaw...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Back in the days when I was young, 0-Day was warez-slang, but now it has become some mainstream buzzword.
Not a long time until they start to replace "new" for "zero day" in advertising. Remember where you heard it first.
The Zero Day Kids On The Block. Zero Day York, Zero Day York.
Do not trust this signature.
VideoLAN - VLC Media Player is an all-in-one open source and cross platform program which does much more than WMP: it's an user-friendly player, but also a powerful and flexible transcoder for almost every audio/video format and even a stream server supporting various network protocols.
Worth a try as a better replacement, especially for power users.
There's a browser safer than Firefox, it is Firefox, with NoScript
How surprising is this. MS have been sitting on this information for a long time and now it's the most profitable moment to announce them. "Yes, xp has these problems, just upgrade to vista and they'll go away."
So, I can't open Word files because of an unfixed risk, and I can't open sound files because of an unfixed risk. Wonderful if you're running the average business..
After switching to OpenOffice and VideoLAN, I guess the leap to Linux isn't that far if it wasn't for the fact that you'd have to switch a whole infrastructure and find a new support environment. Not that easy, but more and more attractive, and it appears to have an ever improving ROI...
Insert
"If the file is a song you ripped from a CD with the Copy protect music option turned on, you might be able to restore your usage rights by playing the file. You will be prompted to connect to a Microsoft Web page that explains how to restore your rights a limited number of times."
Key part bolded. It's optional. Plus it's only available if you choose to rip to WMA, which is also optional. What's with the FUD?
Maybe instead of (or in addition to) fixing things like this, they should distribute a tutorial on how to setup the system to use less-privileged users instead of being logged in as Admin all the time.
Also, they should more actively spread bad press about companies that release products that require administrator rights to be used.
Those companies should be pointed out as part of the reason for security problems and hacked systems.
Oh yeah? How about when I rip a CD to HDD and it adds DRM to the files? How about when it doesn't let me watch a cable show (which I bloody payed for already) because it has DRM bits in it that say I can't watch it on my computer? How about not being able to record TV shows for personal use (which is perfectly legal) for the same reason? How about one day a vendor pushes a recall for certain DRM'ed files through a WMP update and I lose the ability to play my own freaking files?
Yeah, WMP and DRM are really "good" to me.
i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
With WMP11, both your DRMed music and your clear music will play.
What DRMed music? You don't actually buy that stuff do you? Sucker.
Again, please please please let's all stop using C and use an alternative like Ada, Cyclone or D!
And no, this is no troll, it's reality: with a language like C, problems like buffer overflows are very easy to do...
At this day an age, a buffer length check is not a serious hit on performance!
The recent coverage of ASX Playlist issues seems somewhat strange. For the uninitiated, here is a quick wrapup:
.m3u method of exploiting the vulnerability) appears around the same time, and reporting is carried by the usual third parties. With no fix present, this remains an effective 0-day (plus, with existing malware targeting .asx files it could make for interesting real-world use).
.asx content, then they are potentially creating a much riskier environment than if they accept the current DoS risk against their platform.
.dmg file handling errors), and the way that information is flowing between, and being distributed by, third party reporting bodies in this case is showing similar patterns.
.asx (and other content types) data passed via 'ref href' that can lead to arbitrary code execution. .asx media type .asx filetype handler can lead to an increased security risk if the replacement application is XMPlay (accepting arbitrary code execution in an effort to avoid a DoS).
XMPlay ASX buffer overflow PoC code posted to milw0rm - 21 November
This PoC demonstrated an exploitable buffer overflow condition in the handling of 'ref href' URIs. A CVE entry (CVE-2006-6063 - though this only identifies the
Windows Media Player DoS code posted to BugTraq - 22 November
Oddly, this code represented an almost exact duplicate of the buffer overflow demonstrated the day before, only with the exploit payload removed and replaced with a bunch of 'A's, and fails to draw much interest from third parties. It isn't until eEye publishes data on this issue (and increases the perceived threat posed) on their 0-day reporting / information site that it attracts some attention from other reporting parties (such as FrSIRT on 7 December), though uptake is slow.
Leaving Chinese Soup's critique (BugTraq) of eEye's analysis aside (why they haven't identified on the XMPlay vulnerability is another question), users need to be aware that if they replace WMP with XMPlay as the default handler of
If this particular code release had appropriate accompanying documentation, it would be possible to work out whether it is a derivative of the earlier code, or fortuitous timing on something found independently.
Criticism has been recently levelled against third party reporting bodies for failing to adequately investigate reports (after one of the recent MoKB OS X corrupted
In summary:
- There is a known 0-day targeting a vulnerability in XMPlay's handling of malicious
- There is a known DoS targeting WMP that is exploited via a long string passed via 'ref href' and using the
- There has been no proven link between the two disclosures
- It has yet to be shown that the WMP vulnerability leads to arbitrary code execution
- The advice to replace WMP as the default
InfoSec that matters, when it counts.
So, Tomorrow we will see yet another hole on the m$ products, but the micro$oft will said "hey folks! use the vista instead" and all the lemmings will be happy ;)
If you look at the history of .asx file exploitation, there has been malware in the wild targeting various .asx vulnerabilities since at least Easter this year. This particular issue was publicly disclosed on November 22, and was only a DoS at the time. There are suspicions that it is a derivative of other code published publicly the day before, which targeted the XMPlay player (the exploits are very, very, very similar).
Either way, it probably won't see much of a change, though it is disappointing to see all the 'respected' InfoSec companies suckered in by eEye's dubious description (concerns have been raised on at least one security mailing list).
InfoSec that matters, when it counts.
Start using String classes. We're sick and tired hearing of these 'buffer overflows' as you call them.
With MS code, a shedload. Much of IE, lots of graphic code, several applications (like ping, apparently).
Userspace drivers NEVER run in ring0. That is why they are CALLED userspace drivers.
MS will never push drivers to Ring3 because there needs to be a context change every time the kernel changes to the driver. That was why NT started slow by damn secure and got worse: drivers weren't in the kernel and MS wanted better performance and damn the consequences.
The fact that "a zero day flaw has been reported" somewhat gives me the impression that neither the submitter nor the editor know what "zero day" refers to. Or perhaps it's just another example of the media hyping a word to a level where it has no meaning anymore.
Last time I checked, "zero day" referred to how many time had passed since the was discovered, released, ...
As in " y0 du0dz eye gotz th1s m4d 0d4y expl0it from 7350, th1s isnt ev3n on hack.co.za y3t!"
[Disclaimer: references in quote might only be obvious to dinosaurs.]
I'm Rocco. I'm the +5 Funny man.
Microsoft had two
Oh
So
Happy
It's
Thursday
moments this week so far: Tuesday's 0-day in Word (which has an exploit) and this one Friday (which currently does not have an exploit).
www.eFax.com are spammers
What exactly is misleading about the post. Is there *not* a zero day bug in Windows Media player. Does it not relate to WMVCORE.DLL.
.. were released,and slashdotted"
"Doesn't affect my Vista machine. Nor my XP Pro machine running IE7 + WMP 11"
What version of WMVCORE.DLL does WMP 11 use and is there a security advisory saying XP is not affected.
""the function at 7D7A8F27 in WMVCORE.DLL version 9.0.0.3250, and at 086E586E in WMVCORE.DLL version 10.0.0.3802"
""I can't help but wonder what it might look like if every time a flaw was discovered in *Nix, and a security advisory
Slashdot has been known to mention bugs in Linux.
"How often does a kernel update in Linux break something that you now have to update, or sometimes roll back alltogether because they won't work"
It doesn't as you aren't forced to update the kernel. Even if you do you can have multiple versions. The same with the apps. And you would never do a major upgrade on a production machine.
was GG Misleading Post (Score:5, yet another Winpologist getting modded up Insightful)
davecb5620@gmail.com
If you insist on only seeing a small part of the DRM picture, specifically the one that doesn't affect you and your files now, you will be all the more surprised when the ugly side of DRM hits you at some point in the future. Except by then it will be too late to do anything about it.
I speak as a person who has been hit by it several times already. And you are affected too, if you'd be willing to open your eyes. What if you want to listen to the CD on the computer and you're told you may not do that? How is that fair?
i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
"Since when did a "potentially exploitable heap buffer overflow" become a zero-day exploit?"
:)
Happy now
was zero-day exploit (Score:4, lets not talk about the potential flaw)
davecb5620@gmail.com
Not me. Same crap different operating system version. Same thing happened with the introduction of XP. All kinds of exploits, worms, viri, exploded onto the scene of Microsoft's earlier OS products, applications which already had fixes. Then all of a sudden one application is susceptible to hacks. It's all a marketing scam by Microsoft, because they figure most dimwits who use their products will get infected, and think that the OS doesn't work anymore, because it's an old version, so they buy the "new" and "improved" Vista. A sucker is born every second.
In all these types of "exploits" it seems as if Mars has to be aligned with Jupiter and the moon has to be rising over Uranus before something really bad can happen. Just more nonsense that 90% of users can ignore. The other 10% probably deserve to get hacked. Risk will always be a part of life. Evolution will keep the herd strong by letting the idiots get eaten/hacked.
Terrible karma and aiming lower, which in this environment of one-sided reason, is higher.
Could have sworn parent made this same comment a few moments ago...
There is nothing new about strncpy().
What if I simply choose not to use software that acts like that?
DRM isn't going to stay or go away based on anything I do, and I'm not affected by it, nor will I be upgrading to Vista or WMP11 or any of the other crap being excreted by Microsoft.
DRM can't affect you if you don't invite it on to your hardware.
You are in a maze of twisty little passages, all alike.
In WMP11 and previous versions, there is an option to not copy protect music. It's just one checkbox. Or you can not use the WMA format and use mp3 or whatever. Or you can not use WMP at all.
I have no idea about how DRM in cable works though. I record all my shows using a VCR because it's analog and the shows look warmer than using digital recording.
I think the GP refers to the new "secure" string functions in the VS2005 CRT API, such as strncpy_s (or _tcsncpy_s if you're into unicode).
Karma cannot be described by words alone.
This is FUD. WMP11 doesn't automatically add DRM to your music collection. It will only add DRM to files you RIP with the DRM option on. A feature that's been in WMP for years. This option defaults to OFF as well.
To Summarize:
1. WMP11 does not, in any condition, add DRM to any unprotected files that already exists.
2. WMP11 does not, by default, add any DRM durring the ripping process unless you tell it to.
It's lame that something like this makes the front page. The report makes no mention of version, no proof of concept code is available. Ah but they DO try to sell your their security application which supposedly protects from this vulnerability.
Didn't you know that DRM hides under your bed at night. It's the boogieman and completely unavoidable. You can pretend that there isn't a Windows Media Player version in your future, but there it is staring you in the face.
Personally, I have just decided to never install any Windoze newer than the Windows 2000 that I keep running on my last Windows desktop machine. W2K was a plateau for Microsoft, and anything newer than that is loaded down with capracious malware. 'Validate' every reinstall? No way.
Windoze does have it's place. I use a W98 laptop as my development platform for PIC controllers. It's certainly not a 'platform of the future' however.\
People are gradually figuring it out.
The problem is that for more than a decade Microsoft's priorities have been:
1. Maintain their monopoly
2. Fool the government into thinking they don't have a monopoly
3. Enforce Microsoft lock-in to existing customers
4. Spreading FUD about Linux and Open Software in general
5. Band-aiding the constant stream of security flaws in their older products
6. Inventing more and more byzantine and fragile DRM schemes that are still hacked before they are even released
7. Making new software people actually want to use
As you can see, making good software gets trumped by everything else. As far as I'm concerned, they could have stopped with Windows 2000 and stuck to releasing new hardware support, bug fixes and security patches, and we would all be a lot better off.
Can you imagine how lean, mean, secure and smooth a "Windows 2000 Service Pack 11" would have been in 2006?
It would be everything Microsoft spend 5 years failing to deliver with Vista.
You are in a maze of twisty little passages, all alike.
I had to google ASX to find out what it is, but the first result (which seems to be advocating their use, incidentally) says this:
.asx file it happens to run into is inherently totally insecure.
> ASX files are textual command files that manage [something]. They are very
> small in size (about 1K) because they contain no data, just instructions.
Now, I don't know the technical details of the format, but if that statement is straightforwardly true, then automatically launching these files is inherently a complete abdication of all pretense of security, and any application (be it a mailreader, a web browser, or a desktop application) that automatically launches just any old
I don't mean just risky. I mean totally stupidly insanely dangerous.
Automatic launching of *anything* is risky, even if it's just data (e.g., a PNG image), because you don't know what vulnerabilities the app that handles the format might have (e.g., buffer overruns and so forth). But when you automatically launch *instruction* (as opposed to data) formats, the risk that you have introduced an exploitable vulnerability is practically always 100%.
It's a cardinal no-no. You don't *EVER* program an app to automatically launch executable code like that. This is not your garden variety programming mistake that introduces the potential for insecurity. This is Grade-A Fancy insecurity, served on a golden platter to the bad hats.
Cut that out, or I will ship you to Norilsk in a box.
Use WINAMP!
The new versions of Winamp will play any file that WMP Plays. That, combined with WMP Classic, QT Alternative, Real Alternative, and The Matroska codecs and I'm all set. Heck, my XP box is still running WMP 9! I just dissassociate it with all files, and then stop using it. I never need to touch it again after that.
My Ubuntu box will also play any of the above thanks to Easy Ubuntu. I just loaded up what I wanted, and away I go. (although I wish Amarok was available for the Gnome interface. I hate Totem.)
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
If you insists on comparing MS security with a cheese product, then compare it with foam-cheese
Something vaguely cheesy, that has more holes than substance? Works for me....
And if you had left off the smiley, you probably would have gotten the +5 as "Insightful" instead of "Funny".
//Information does not want to be free; it wants to breed.
Whoa, it's Steve Ballmer! How are those squirting Zunes selling?
"Sufferin' succotash."
We really don't give a shit anymore if Joe Average can use or figure out Linux. Joe Average can drive his SUV straight off a fucking cliff with a Budweiser in his hand for all I care.
If Joe Average ever gets a clue, he can switch to a Mac. Leave Linux to the geeks and be done with it, it's not meant to be a general usage desktop OS for the Average Joes of the world.
Is it just me or does anyone else wonder why a MEDIA PLAYER is even exploitable? Why is it so hard to secure an application that plays/views data files. Can't you build in some limitations to prevent this problem? I mean, after all, it's nothing more than a "viewer" of data files (streamed or local). MSFT continues to add "functionality" to it's media player and now they are reaping what they sow. Media players don't need scripting and all the other "functionality" MSFT *thinks* we need. Just play the damn file, thank you very much.
Seems like with ever iteration of MSFT Media Player, more exploits come to fruition. I miss my media player ver 6.4, which was simple and convenient.
Since ver 6.4, media player has become a steaming pile of doo-doo. Hell, I can't even open multiple video windows with MP 10 and MP 11. It's like we are going backwards with these things....and the exploits just add fuel to the fire.
Sorry, I just had to get this off my chest. Its been a peeve of mine for a long time (and yes, I now use VLC)
Interesting , he actually has a point.
cheers
* Carthago Delenda Est *
Hope you didn't tape Ice Age...
Error #13: No coffee. Operator halted. Please place boot device at bottom.
Well, for Word, they suggested not opening or saving Word documents.
That's one app down.
I suppose for the Player, they suggest...not playing anything.
Another app down.
What's left? Excel? Access? We already KNOW Outlook Express and Outlook and IE are toast on a daily basis.
And corporations still USE this crap?
Suckers.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
WRONG NEWS, because the fix is already avaible!!! You have just to install the latest Windows Media Player 11 that is not affected by this flaw!