RE: WMF Vunrability
- From: Edgardo Balansay <balansay@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 4 Jan 2006 09:49:17 -0800
I have been thinking similar to "Thor" in that, *"... have you found the
application/x-msmetafile mime block is all you have to do?"*
As .wmf file type is listed as
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/mimetypes.mspx
However Jim Harrison, mentions, *"...use pattern matching in the response
stream. Request and response headers are ok unless the "bad place" decides
to spoof them."*
**
So application/x-msmetafile mime block does not *completely* block the wmf
type of files? Is what Jim is saying is that the "bad place" may spoof the
headers, and Windows will continue to open the file with the vulnerable
application/dll?
But doesn't ISA *Application Filter* and therefore able to block the
specific mime type for *.wmf regardless of headers? Much like how it blocks
executables regardless of extension?
Just attempting to add to the discussion, thanks!
Edgardo
(BTW: above quotes are taken from the "OT - texas hold em" thread)
Other related posts:
