RE: FYI: Hex blog: Windows WMF Metafile Vulnerability HotFix

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 2 Jan 2006 09:15:28 -0800

That's David's point; they're using file signature checking; not SMTP
headers.
SMTP headers are just as easily spoofed as HTTP headers and therefore
*not* to be trusted.
--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------

-----Original Message-----
From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Monday, January 02, 2006 8:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FYI: Hex blog: Windows WMF Metafile Vulnerability
HotFix

http://www.ISAserver.org


David or any one, what is the line that would be seen in the body of an
e-mail indicating that it is a wmf file time picture in the body of an
e-mail?

 

John T

eServices For You

 

-----Original Message-----
From: David Farinic [mailto:davidfa@xxxxxxx] 
Sent: Monday, January 02, 2006 7:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FYI: Hex blog: Windows WMF Metafile Vulnerability
HotFix

 

http://www.ISAserver.org

For WebMon3 users:

 

As there are more than 50 variants of this exploit in wild, we added wmf
real file-type signature checking so now you can block this filetype
"whatever" extension content type it hides under.

However you need to update to build 20060102  or later version:

ftp://ftp.gfisoftware.com/temp/Netmon/del/20060102/webmonitor3.exe

Handle with care as this version is currently under testing and once
proves bug free we will replace version of WM3 on our main site.

 

With Kind Regards DavidFA.

 

P.S: Please trust info/email like this (about WM3 updates) only if they
point to *.gfisoftware.com or *.gfi.com domains for updates.

 

 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Monday, January 02, 2006 3:31 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] FYI: Hex blog: Windows WMF Metafile Vulnerability
HotFix

 

http://www.ISAserver.org



Hex blog: Windows WMF Metafile Vulnerability HotFix:
http://www.hexblog.com/2005/12/wmf_vuln.html 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
davidf@xxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
johnlist@xxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 
  

This mail was checked for viruses by GFI MailSecurity. GFI also develops
anti-spam software (GFI MailEssentials), a fax server (GFI FAXmaker),
and network security and management software (GFI LANguard) -
www.gfi.com 


All mail to and from this domain is GFI-scanned.

Other related posts:

• » FYI: Hex blog: Windows WMF Metafile Vulnerability HotFix
• » RE: FYI: Hex blog: Windows WMF Metafile Vulnerability HotFix
• » RE: FYI: Hex blog: Windows WMF Metafile Vulnerability HotFix
• » RE: FYI: Hex blog: Windows WMF Metafile Vulnerability HotFix
• » RE: FYI: Hex blog: Windows WMF Metafile Vulnerability HotFix
• » RE: FYI: Hex blog: Windows WMF Metafile Vulnerability HotFix
• » RE: FYI: Hex blog: Windows WMF Metafile Vulnerability HotFix

1. Home
2. isalist
3. Archive
4. 01-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---