RE: WMF Vulnerability

• From: "John T \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 5 Jan 2006 10:29:29 -0800

Tried that but it did not work. I however did get it by before saying ok to
the final popup, went to the command window and did a select all and then
copy and paste.

John T
eServices For You


> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Thursday, January 05, 2006 10:21 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
> 
> http://www.ISAserver.org
> 
> If the vbs outputs to the console, you can use the redirector to capture
the
> text, as in "myscript.vbs > mytext.txt"
> 
> t
> 
> -----
> "I may disapprove of what you say,
> but I will defend to the death your
> right to say it."
> 
> 
> ----- Original Message -----
> From: "John T (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Thursday, January 05, 2006 8:52 AM
> Subject: [isalist] RE: WMF Vunrability
> 
> 
> > http://www.ISAserver.org
> >
> > How can you run a vbs and capture the output?
> >
> > John T
> > eServices For You
> >
> >
> >> -----Original Message-----
> >> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> >> Sent: Thursday, January 05, 2006 6:39 AM
> >> To: [ISAserver.org Discussion List]
> >> Subject: [isalist] RE: WMF Vunrability
> >>
> >> http://www.ISAserver.org
> >>
> >> If it encounters any errors, it will *not* save the changes.
> >> This prevents "half-updates" that are often impossible to revert
without
> >> deleting the corrupted rule.
> >>
> >> Can you re-run it and C&P the screen output?
> >> Also, your ISAInfo would help.
> >> --------------------------------------------
> >> Jim Harrison
> >> MCP(NT4, W2K), A+, Network+, PCG
> >> http://isaserver.org/Jim_Harrison/
> >> http://isatools.org
> >> Read the help / books / articles!
> >> --------------------------------------------
> >>
> >> -----Original Message-----
> >> From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx]
> >> Sent: Thursday, January 05, 2006 12:57 AM
> >> To: [ISAserver.org Discussion List]
> >> Subject: [isalist] RE: WMF Vunrability
> >>
> >> http://www.ISAserver.org
> >>
> >> Hey Jim,
> >>
> >> After getting page not found then realised the spelling mistake in your
> >> URL. Downloaded the script and decided to test, and I get the following
> >> error appear:
> >>
> >> *** Failed to upodate the HTTP Filter settings....
> >> Error 0x424
> >> Error: Object required
> >>
> >> It seems to do this when examining my rules and its trying to add the
> >> .emf and .wmf definitions and it only does it on some rules.
> >>
> >> Also, looked at one of the rules it said it modified but it doesn't
seem
> >> to have done anything, how can I tell?
> >>
> >> ps
> >>
> >> Running ISA 2004 SE on Windows 2000 box
> >>
> >> Regards
> >>
> >>
> >> Paul Crisp
> >> Snr Network Support Analyst
> >>
> >> -----Original Message-----
> >> From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx]
> >> Sent: 05 January 2006 07:26
> >> To: [ISAserver.org Discussion List]
> >> Subject: [isalist] RE: WMF Vunrability
> >>
> >> http://www.ISAserver.org
> >>
> >> Same
> >>
> >>
> >>
> >> Greg Mulholland
> >> Just because I don't care, doesn't mean i dont understand - Homer
> >> Simpson
> >>
> >> -----Original Message-----
> >> From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> >> Sent: Thursday, January 05, 2006 6:22 PM
> >> To: [ISAserver.org Discussion List]
> >> Subject: [isalist] RE: WMF Vunrability
> >>
> >> http://www.ISAserver.org
> >>
> >> Page not found. :(
> >>
> >> John T
> >> eServices For You
> >>
> >>
> >> > -----Original Message-----
> >> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> >> > Sent: Wednesday, January 04, 2006 10:33 PM
> >> > To: [ISAserver.org Discussion List]
> >> > Subject: [isalist] RE: WMF Vunrability
> >> >
> >> > http://www.ISAserver.org
> >> >
> >> > Anyone interested in trying the beta script, it's at
> >> > http://isatools.org/block_wsf.zip.
> >> >
> >> > It's not been through code-review of final approval, so YMMV (works
> >> > for me in 2004 SE & EE).
> >> >
> >> > --------------------------------------------
> >> > Jim Harrison
> >> > MCP(NT4, W2K), A+, Network+, PCG
> >> > http://isaserver.org/Jim_Harrison/
> >> > http://isatools.org
> >> > Read the help / books / articles!
> >> > --------------------------------------------
> >> >
> >> > -----Original Message-----
> >> > From: Andy Haigh [mailto:ahaigh@xxxxxxxxxxxxxxxx]
> >> > Sent: Wednesday, January 04, 2006 9:57 PM
> >> > To: [ISAserver.org Discussion List]
> >> > Subject: [isalist] RE: WMF Vunrability
> >> >
> >> > http://www.ISAserver.org
> >> >
> >> > We have been running anti-wife software since v1.0
> >> >
> >> > So far has worked very well, though there were a couple of close
> >> shaves.
> >> >
> >> > Know of others who were not so lucky and got caught out. They didn't
> >> > notice anything initially, but all of a sudden they realised they
> >> > behaviour and dress was being changed by this malware. They lost
> >> > control of what they spent their income on, who they went out with
and
> >>
> >> > where they went.
> >> >
> >> > They were suddenly spurred into action and the removal of this
malware
> >>
> >> > became the prime goal. What they thought would be a simple removal
> >> > turned into a painfull and costly process which took a lot of time
and
> >>
> >> > recources.
> >> >
> >> > Finally they are rid of it though!!!!
> >> >
> >> > I have been told that there are versions of the wife malware that
> >> > doesn't effect your user experience and I have even heard tales of
> >> > this malware actually enhancing it.
> >> >
> >> > You have been warned!!
> >> >
> >> > -----Original Message-----
> >> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> >> > Sent: Thursday, 5 January 2006 3:33 PM
> >> > To: [ISAserver.org Discussion List]
> >> > Subject: [isalist] RE: WMF Vunrability
> >> >
> >> > http://www.ISAserver.org
> >> >
> >> > Regarding the wmf vulnerability, the Microsoft Outlook spell-checker
> >> > wants to change it to "wife."  Now THAT'S some intuitive damn code!!!
> >> >
> >> > t
> >> >
> >> > -----
> >> > "I may disapprove of what you say,
> >> > but I will defend to the death your
> >> > right to say it."
> >> >
> >> >
> >> > ----- Original Message -----
> >> > From: "Greg Mulholland" <greg@xxxxxxxxxxxxxx>
> >> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >> > Sent: Wednesday, January 04, 2006 8:20 PM
> >> > Subject: [isalist] RE: WMF Vunrability
> >> >
> >> >
> >> > http://www.ISAserver.org
> >> >
> >> > You've earned you stripes today Harrison :)  nice work
> >> >
> >> > Greg Mulholland
> >> >
> >> > ________________________________
> >> >
> >> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> >> > Sent: Thu 5/01/2006 12:57 PM
> >> > To: [ISAserver.org Discussion List]
> >> > Subject: [isalist] RE: WMF Vunrability
> >> >
> >> >
> >> >
> >> > http://www.ISAserver.org
> >> >
> >> > Updated:
> >> >
> >> > HTTP filter settings (you all know how to get there).
> >> >
> >> > 1. Extensions:
> >> > <choice>
> >> >    Set "block specified"
> >> >    Add .emf
> >> >    Description="application/x-msmetafile"
> >> >    Add .wmf
> >> >    Description="application/x-msmetafile"
> >> > </choice>
> >> > <choice>
> >> >    Set "allow specified"
> >> >    Remove .emf
> >> >    Remove .wmf
> >> > </choice>
> >> > <notachoice>
> >> >    Set "allow all"
> >> > </notachoice>
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > ------------------------------------------------------
> >> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> >> > ------------------------------------------------------
> >> > Visit TechGenix.com for more information about our other sites:
> >> > http://www.techgenix.com
> >> > ------------------------------------------------------
> >> > You are currently subscribed to this ISAserver.org Discussion List
as:
> >> > thor@xxxxxxxxxxxxxxx
> >> > To unsubscribe visit
> >> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> > Report abuse to listadmin@xxxxxxxxxxxxx
> >> >
> >> >
> >> > ------------------------------------------------------
> >> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> >> > ------------------------------------------------------
> >> > Visit TechGenix.com for more information about our other sites:
> >> > http://www.techgenix.com
> >> > ------------------------------------------------------
> >> > You are currently subscribed to this ISAserver.org Discussion List
as:
> >> > ahaigh@xxxxxxxxxxxxxxxx
> >> > To unsubscribe visit
> >> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> > Report abuse to listadmin@xxxxxxxxxxxxx
> >> >
> >> > ------------------------------------------------------
> >> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> >> > ------------------------------------------------------
> >> > Visit TechGenix.com for more information about our other sites:
> >> > http://www.techgenix.com
> >> > ------------------------------------------------------
> >> > You are currently subscribed to this ISAserver.org Discussion List
as:
> >> > jim@xxxxxxxxxxxx
> >> > To unsubscribe visit
> >> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> > Report abuse to listadmin@xxxxxxxxxxxxx
> >> >
> >> > All mail to and from this domain is GFI-scanned.
> >> >
> >> >
> >> > ------------------------------------------------------
> >> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> >> > ------------------------------------------------------
> >> > Visit TechGenix.com for more information about our other sites:
> >> > http://www.techgenix.com
> >> > ------------------------------------------------------
> >> > You are currently subscribed to this ISAserver.org Discussion List
as:
> >> > johnlist@xxxxxxxxxxxxxxxxxxx
> >> > To unsubscribe visit
> >> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> > Report abuse to listadmin@xxxxxxxxxxxxx
> >>
> >>
> >> ------------------------------------------------------
> >> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> >> ------------------------------------------------------
> >> Visit TechGenix.com for more information about our other sites:
> >> http://www.techgenix.com
> >> ------------------------------------------------------
> >> You are currently subscribed to this ISAserver.org Discussion List as:
> >> greg@xxxxxxxxxxxxxx To unsubscribe visit
> >> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> Report abuse to listadmin@xxxxxxxxxxxxx
> >>
> >> ------------------------------------------------------
> >> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> >> ------------------------------------------------------
> >> Visit TechGenix.com for more information about our other sites:
> >> http://www.techgenix.com
> >> ------------------------------------------------------
> >> You are currently subscribed to this ISAserver.org Discussion List as:
> >> pcrisp@xxxxxxxxxxxxxxxxx
> >> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> Report abuse to listadmin@xxxxxxxxxxxxx
> >>
> >> ------------------------------------------------------
> >> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> >> ------------------------------------------------------
> >> Visit TechGenix.com for more information about our other sites:
> >> http://www.techgenix.com
> >> ------------------------------------------------------
> >> You are currently subscribed to this ISAserver.org Discussion List as:
> >> jim@xxxxxxxxxxxx
> >> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> Report abuse to listadmin@xxxxxxxxxxxxx
> >>
> >> All mail to and from this domain is GFI-scanned.
> >>
> >>
> >> ------------------------------------------------------
> >> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> >> ------------------------------------------------------
> >> Visit TechGenix.com for more information about our other sites:
> >> http://www.techgenix.com
> >> ------------------------------------------------------
> >> You are currently subscribed to this ISAserver.org Discussion List as:
> >> johnlist@xxxxxxxxxxxxxxxxxxx
> >> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >> Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > thor@xxxxxxxxxxxxxxx
> > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability

1. Home
2. isalist
3. Archive
4. 01-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---