1. There is no "patch" for MS00-078. The patch for that vulnerability was the patch released for MS00-057. MS00-057 was superceded by MS00-060. Ergo, if you have MS00-060 then you don't need MS00-057, and don't need anything from MS00-078. In the case of NT, if you try to install MS00-057 over MS00-060 then you will be told you're attempting to overwrite newer files with older files. In the case of Windows 2000, this cannot be done at all. Also, in your reference to the MS00-057 patch you reference the Alpha download binary but include the intel binary name. How'd you construct this URL? 2. In the case of MS00-090, the KB article associated with the patch refers to the version number 6.4.7.1113, not 6.4.9.1110; http://support.microsoft.com/support/kb/articles/q280/4/19.asp dxmasf550.dll has the correct version number, whereas dxmasf.dll has a different number (the 6.4.9.1110 that you mention). I suspect that dxmasf550.dll is implement in certain scenarios, and dxmasf.dll is implemented in others. Chances are dxmasf550 is used when IE 5.5 is installed, but that's only a guess. Either way, have you verified that the Media Player is still vulnerable after applying the patch. I've had no reports indicating that it is. Cheers, Russ - NTBugtraq Editor
This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 08:38:55 PDT