RE: WMF Vulnerability

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Jan 2006 13:22:46 -0800

If there was some "flag" in the file itself, some application would have to parse it in the first place in order to find that out. The metafile is just a file-- it's the graphics rendering engine that breaks with a malformed file. If you keep the Fax Viewer from executing the file, you're fine. If over HTTP, the app is launched based on MIME type. If a regular file (like in an attachment) it is by extension.

t

-----
"I may disapprove of what you say,
but I will defend to the death your
right to say it."


----- Original Message ----- From: "Hillaert, Todd" <THillaert@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 04, 2006 12:41 PM
Subject: [isalist] RE: WMF Vulnerability



http://www.ISAserver.org

Hi

Correct me if I'm wrong, but as I understand it, a WMF is not handled
by the operating system only according to its extension, but by special
flags set within the file itself.

That's why blocking *.wmf or the mime types will not stop it.

Todd

-----Original Message-----
From: Brian Boyes [mailto:BrianB@xxxxxxxxx]
Sent: Wednesday, January 04, 2006 2:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vulnerability


True enough. You had mentioned it was doable with GFI and I thought it
might be useful to mention how it could be done via surfcontrol as well.
Personally, I blocked WMF files at ISA and with my surfcontrol filter,
just in case.

Brian

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, January 04, 2006 2:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vulnerability

Hi Brian,

You don't need SurfControl just to block .wmf files, you can use the OOB
ISA firewall to do that.

Tom


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: thillaert@xxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx




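Added example, not part of any message in this thread: a sketch of the three checks a gateway filter can apply to a download or attachment (file extension, declared MIME type, and the leading bytes of the content), so the verdicts can be compared side by side. The function names, the MIME list and the sample bytes are constructed for illustration and are not ISA Server, GFI or SurfControl configuration.

```python
import struct

# Aldus placeable-metafile key 0x9AC6CDD7, stored little-endian on disk.
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"
WMF_EXTENSIONS = {".wmf"}
# Assumed list of MIME types a filter would treat as WMF.
WMF_MIME_TYPES = {"image/x-wmf", "image/wmf", "application/x-msmetafile"}


def looks_like_wmf(data: bytes) -> bool:
    """True if the data starts with a placeable or standard WMF header."""
    if data[:4] == PLACEABLE_KEY:
        return True
    if len(data) < 6:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    # Standard header: type 1 (memory) or 2 (disk), 9-word header,
    # version 0x0100 or 0x0300.
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def filter_decision(filename: str, mime_type: str, body: bytes) -> dict:
    """Report which of the three checks would flag the object as WMF."""
    name = filename.lower()
    by_ext = any(name.endswith(ext) for ext in WMF_EXTENSIONS)
    by_mime = mime_type.split(";")[0].strip().lower() in WMF_MIME_TYPES
    by_content = looks_like_wmf(body)
    return {"extension": by_ext, "mime": by_mime, "content": by_content,
            "block": by_ext or by_mime or by_content}


# Constructed sample: 18-byte standard header plus an end-of-file record.
SAMPLE_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
# Constructed sample: the first bytes of a JPEG/JFIF file.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

if __name__ == "__main__":
    for fname, mime, body in [("chart.wmf", "image/x-wmf", SAMPLE_WMF),
                              ("photo.jpg", "image/jpeg", SAMPLE_WMF),
                              ("photo.jpg", "image/jpeg", SAMPLE_JPEG)]:
        print(fname, mime, filter_decision(fname, mime, body))
```

The second sample case is metafile content carrying a .jpg name and an image/jpeg type: only the content check flags it.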




