RE: WMF Vulnerability

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Jan 2006 11:23:10 -0800

This patch is:
1. not MS-produced
2. not MS-supported
3. installed at your own risk. 


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] 
Sent: Wednesday, January 04, 2006 11:09
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vulnerability

http://www.ISAserver.org

There is an MSI for the patch now:
http://isc.sans.org/diary.php?n&storyid=1010 

 
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
 
Guiding the Future of Transportation
www.KPSA.ca
 
 

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: January 4, 2006 12:01 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vulnerability

http://www.ISAserver.org

I wouldn't call it "program-like behavior." They just contain both metadata 
and rendering data in the same file (as I understand it).

Renaming the file to something like ".gif" or ".jpg" could still cause 
execution if loaded from a file, but only if the Picture and Fax Viewer was the 
default program for those file types. From a browser, for WP&FV to open it and 
parse the data, it has to be that MIME type (again, as I understand it).

While I've read here that the "way to do it" is how GFI does it, I've still not 
seen any information on why simple content filtering won't work.  But then 
again, I read where Jim is working with MSRC to come up with a "workable" 
filter.  It would be nice to get some authoritative, detailed information on 
why MIME and file type filtering *won't* work.

t


-----
"I may disapprove of what you say,
but I will defend to the death your
right to say it."


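The disagreement in this thread comes down to who controls the two things an "Extensions tab" or MIME-type rule keys on: both the file name in the URL and the Content-Type header are chosen by the web server, so a rule based on either one is a rule the server operator can sidestep, while the first bytes of the body are fixed by the format itself. The Python below is an added example, written for this archive page and not code from any of the posters or from ISA Server, that runs a few constructed HTTP responses (header bytes plus padding, not real image files) through three rules side by side: block by URL extension, block by declared Content-Type, and block by what the body actually starts with. The WMF header values (the 0x9AC6CDD7 placeable key; FileType 1 or 2, HeaderSize 9, Version 0x0100 or 0x0300) come from the Windows Metafile format; the rule names, MIME-type list and sample URLs are this example's own assumptions. It goes one step beyond the thread by also flagging a body whose sniffed image type contradicts the declared one.

```python
import struct
from urllib.parse import urlsplit

# Windows Metafile header bytes: the Aldus "placeable" header starts with
# the key 0x9AC6CDD7, and the standard 18-byte METAHEADER starts with
# FileType (1 = in memory, 2 = on disk), HeaderSize (9 words) and Version.
PLACEABLE_WMF_KEY = b"\xd7\xcd\xc6\x9a"       # 0x9AC6CDD7, little-endian
STANDARD_WMF_VERSIONS = (0x0100, 0x0300)

# Assumed rule lists for this example (what a proxy rule might carry).
WMF_MIME_TYPES = {"image/x-wmf", "image/wmf", "application/x-msmetafile"}
WMF_EXTENSIONS = (".wmf", ".emf")


def looks_like_wmf(body: bytes) -> bool:
    """True if the body starts with a WMF header, whatever the URL or
    Content-Type header claims about it."""
    if body.startswith(PLACEABLE_WMF_KEY):
        return True
    if len(body) < 18:                         # shorter than a METAHEADER
        return False
    file_type, header_size, version = struct.unpack("<HHH", body[:6])
    return (file_type in (1, 2) and header_size == 9
            and version in STANDARD_WMF_VERSIONS)


def sniff_type(body: bytes):
    """Guess the real type from the leading bytes; None if unrecognised."""
    if body.startswith((b"GIF87a", b"GIF89a")):
        return "image/gif"
    if body.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if body.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if looks_like_wmf(body):
        return "image/x-wmf"
    return None


def declared_type(headers: dict) -> str:
    """Content-Type without parameters, lower-cased. Server-controlled."""
    return headers.get("content-type", "").split(";", 1)[0].strip().lower()


def extension_rule(url: str) -> bool:
    """Block on the URL extension (what an Extensions-tab entry does).
    Lower-cased so CHART.WMF is treated like chart.wmf."""
    return urlsplit(url).path.lower().endswith(WMF_EXTENSIONS)


def mime_rule(headers: dict) -> bool:
    """Block on the declared Content-Type. Also server-controlled."""
    return declared_type(headers) in WMF_MIME_TYPES


def content_rule(headers: dict, body: bytes) -> bool:
    """Block on what the bytes are, or on an image body that contradicts
    its own label (declared image/gif but the bytes say otherwise)."""
    sniffed = sniff_type(body)
    if sniffed == "image/x-wmf":
        return True
    declared = declared_type(headers)
    return (sniffed is not None and declared.startswith("image/")
            and sniffed != declared)


def evaluate(url: str, headers: dict, body: bytes) -> dict:
    """Run all three rules on one response so the outcomes can be compared."""
    return {
        "extension": extension_rule(url),
        "mime": mime_rule(headers),
        "content": content_rule(headers, body),
        "declared": declared_type(headers),
        "sniffed": sniff_type(body),
    }


# Constructed responses: header bytes plus zero padding, not real files.
SAMPLES = {
    # Honest metafile: every rule catches it.
    "honest": ("http://example.test/chart.wmf",
               {"content-type": "image/x-wmf"},
               PLACEABLE_WMF_KEY + b"\x00" * 28),
    # Same kind of bytes served under a .gif name with an image/gif label:
    # the extension and MIME rules pass it, only the content rule sees it.
    "relabelled": ("http://example.test/kitten.gif",
                   {"content-type": "image/gif"},
                   b"\x01\x00\x09\x00\x00\x03" + b"\x00" * 28),
    # Upper-case extension: a case-sensitive match would miss this one.
    "upper": ("http://example.test/CHART.WMF",
              {"content-type": "image/x-wmf"},
              PLACEABLE_WMF_KEY + b"\x00" * 28),
    # A genuine GIF (with a Content-Type parameter): no rule may block it.
    "gif": ("http://example.test/kitten.gif",
            {"content-type": "image/gif; charset=binary"},
            b"GIF89a" + b"\x00" * 28),
}

if __name__ == "__main__":
    for name, (url, headers, body) in SAMPLES.items():
        print(f"{name:10s} {evaluate(url, headers, body)}")
```

The "relabelled" sample is the case Tom describes: nothing in the URL or the headers distinguishes it from a GIF, so only the body check fires. Two limits worth keeping in mind: a body check needs the proxy to buffer at least the first few bytes of the response before forwarding it, and it only sees what passes through the proxy, so it says nothing about a file opened locally in the Picture and Fax Viewer as Thor describes.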
----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 04, 2006 10:31 AM
Subject: [isalist] RE: WMF Vulnerability


http://www.ISAserver.org

Hi Tim,

Don't know about that, but it's a good question. But I have to wonder about 
other apps that open the WMF files. FWIU, WMF files have some program-like 
behavior that allows them to call other programs if something doesn't work.

How's that as an erudite description for a process? :)

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**



> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Wednesday, January 04, 2006 12:13 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vulnerability
>
> http://www.ISAserver.org
>
> But if he sets a different MIME type, Fax Viewer won't open the 
> program, right?
>
> t
> -----
> "I may disapprove of what you say,
> but I will defend to the death your
> right to say it."
>
>
> ----- Original Message -----
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, January 04, 2006 9:32 AM
> Subject: [isalist] RE: WMF Vulnerability
>
>
> http://www.ISAserver.org
>
> Hi Jonathon,
>
> That won't work, because the scumbag can use any file name he wants.
> Same goes with the MIME type. The MIME type is set at the Web server, 
> so the scumbag can associate any MIME type he wants.
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
> > Sent: Wednesday, January 04, 2006 11:25 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: WMF Vulnerability
> >
> > http://www.ISAserver.org
> >
> > What I did to block it was:
> >
> > Internet Access Policy -> Protocols tab -> Filtering -> Configure HTTP
> > -> Extensions tab.  Should be self-explanatory from there.
> >
> >
> >
> > Jonathon J. Howey
> > KPSA Compliance Management Inc.
> > P 780.409.5620
> > F 780.409.5621
> > D 780.409.5628
> > C 780.965.8363
> > Jonathon@xxxxxxx
> >
> > Guiding the Future of Transportation www.KPSA.ca
> >
> >
> >
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: January 4, 2006 10:12 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: WMF Vulnerability
> >
> > http://www.ISAserver.org
> >
> > He never stated what his "block" was.
> >
> >
> > -------------------------------------------------------
> >    Jim Harrison
> >    MCP(NT4, W2K), A+, Network+, PCG
> >    http://isaserver.org/Jim_Harrison/
> >    http://isatools.org
> >    Read the help / books / articles!
> > -------------------------------------------------------
> >
> >
> > -----Original Message-----
> > From: Brian Boyes [mailto:BrianB@xxxxxxxxx]
> > Sent: Wednesday, January 04, 2006 09:02
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: WMF Vulnerability
> >
> > http://www.ISAserver.org
> >
> > > I have installed the "wmf" block to my ISA 2004 clients but I'm not sure
> > > how to set this up for ISA 2000.
> > > Could someone provide advice on the best way to do this.
> >
> > Did anyone ever post an answer? I'm curious about this "wmf block".
> >
> > Brian
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > jim@xxxxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > All mail to and from this domain is GFI-scanned.
> >
> >