RE: WMF Vulnerability

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Jan 2006 12:01:08 -0600

Hi Edgardo,
 
Remember that the ISA firewall is an extensible platform, especially in
respect to its application layer inspection feature set. David F from
GFI noted that GFI WebMonitor 3.0 will block this at the application
layer inspection level. Check my blog for one approach you can take to
solving the problem.
 
HTH,
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls
**Who is John Galt?**

 


________________________________

        From: Edgardo Balansay [mailto:balansay@xxxxxxxxx] 
        Sent: Wednesday, January 04, 2006 11:49 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: WMF Vulnerability
        
        
        I have been thinking similar to "Thor" in that, "... have you
found the application/x-msmetafile mime block is all you have to do?"
        As .wmf file type is listed as
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/mimetypes.mspx
         
        However Jim Harrison, mentions, "...use pattern matching in the
response stream.  Request and response headers are ok unless the "bad
place" decides to spoof them." 
         
        So application/x-msmetafile mime block does not completely block
the wmf type of files? Is what Jim is saying that the "bad place" may
spoof the headers, and Windows will continue to open the file with the
vulnerable application/dll? 
         
        But doesn't ISA Application Filter and therefore able to block
the specific mime type for *.wmf regardless of headers?  Much like how
it blocks executables regardless of extension?
         
        Just attempting to add to the discussion, thanks!
        Edgardo
         
        (BTW: above quotes are taken from the "OT - texas hold em"
thread)
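
Added example, not part of the original thread: the point quoted above about matching on the response stream rather than trusting headers, shown in Python as a check that classifies a response by its leading bytes even when the declared Content-Type is something other than application/x-msmetafile. The function names, verdict strings and sample payloads are assumptions made for illustration; this is not ISA Server or GFI WebMonitor code.

```python
import gzip
import struct
import zlib

WMF_MIME = "application/x-msmetafile"
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # 0x9AC6CDD7, little-endian, placeable WMF

def looks_like_wmf(body: bytes) -> bool:
    """Heuristic signature check on the first bytes of the payload."""
    if body.startswith(PLACEABLE_KEY):
        return True
    if len(body) < 18:  # a standard WMF header is 18 bytes
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", body)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def decoded(headers: dict, body: bytes) -> bytes:
    """Undo gzip Content-Encoding so the check sees the real file bytes."""
    if headers.get("content-encoding", "").strip().lower() == "gzip":
        try:
            return gzip.decompress(body)
        except (OSError, EOFError, zlib.error):
            return body  # not valid gzip: inspect the raw bytes instead
    return body

def verdict(headers: dict, body: bytes) -> str:
    """Classify one HTTP response: block-header, block-content or allow."""
    headers = {k.lower(): v for k, v in headers.items()}
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    if declared == WMF_MIME:
        return "block-header"   # all that a MIME-type rule alone can catch
    if looks_like_wmf(decoded(headers, body)):
        return "block-content"  # header says otherwise, body is still WMF
    return "allow"

# Constructed sample payloads (headers only, no drawing records).
SAMPLE_STD = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 3, 0)
SAMPLE_PLACEABLE = PLACEABLE_KEY + bytes(18) + SAMPLE_STD
SAMPLE_GZIPPED = gzip.compress(SAMPLE_PLACEABLE)
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + bytes(20)

if __name__ == "__main__":
    print(verdict({"Content-Type": WMF_MIME}, SAMPLE_STD))
    print(verdict({"Content-Type": "image/jpeg"}, SAMPLE_STD))
    print(verdict({"Content-Type": "image/gif", "Content-Encoding": "gzip"}, SAMPLE_GZIPPED))
    print(verdict({"Content-Type": "image/jpeg"}, SAMPLE_JPEG))
```

The six-byte standard-header test is a heuristic and can match unrelated data, so a filter built this way would log "block-content" hits for review rather than treat them as confirmed metafiles.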
