RE: WMF Vulnerability

  • From: "JosephK" <josephk@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Jan 2006 09:53:17 -0800

Another minor way to fix this from the desktop point of view, and yes it
is a pain in the ass: change the program that opens up *.wmf (fax
viewer) to use notepad instead. Not very feasible though with a really large shop.

Joseph



-----Original Message-----
From: Edgardo Balansay [mailto:balansay@xxxxxxxxx] 
Sent: Wednesday, January 04, 2006 9:49 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vulnerability

I have been thinking similarly to "Thor" in that, "... have you found the
application/x-msmetafile mime block is all you have to do?"
As the .wmf file type is listed at
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/mimetypes.mspx
 
However, Jim Harrison mentions, "...use pattern matching in the response
stream.  Request and response headers are ok unless the "bad place"
decides to spoof them."
 
So the application/x-msmetafile mime block does not completely block the wmf
type of files? Is what Jim is saying that the "bad place" may spoof
the headers, and Windows will continue to open the file with the
vulnerable application/dll?
 
But isn't the ISA Application Filter therefore able to block the
specific mime type for *.wmf regardless of headers?  Much like how it
blocks executables regardless of extension?
 
Just attempting to add to the discussion, thanks!
Edgardo
 
(BTW: above quotes are taken from the "OT - texas hold em" thread)
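As an added illustration of the distinction Jim Harrison draws above (blocking on the declared MIME type versus pattern matching in the response stream), here is example Python that is not part of this thread and not ISA Server code: it checks the Content-Type header and, separately, sniffs the body for WMF file signatures, so a response that lies about its MIME type is still caught. The sample bodies are constructed header-only byte strings, not real metafiles.

```python
import struct

# Placeable WMF files start with the key 0x9AC6CDD7 stored little-endian.
PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"
WMF_MIME = "application/x-msmetafile"

# Constructed samples: a standard METAHEADER (Type=1 memory, HeaderSize=9,
# Version=0x0300, remaining fields zero), a placeable key, and a GIF prefix.
SAMPLE_STANDARD_WMF = struct.pack("<HHHHHHIH", 1, 9, 0x0300, 0, 0, 0, 0, 0)
SAMPLE_PLACEABLE_WMF = PLACEABLE_MAGIC + b"\x00" * 18
SAMPLE_GIF = b"GIF89a" + b"\x00" * 16


def sniff_wmf(body: bytes) -> bool:
    """True if the body itself looks like a WMF file, ignoring any headers."""
    if body[:4] == PLACEABLE_MAGIC:
        return True
    if len(body) < 18:          # a standard METAHEADER is 18 bytes
        return False
    file_type, header_size, version = struct.unpack_from("<HHH", body, 0)
    # Type 1 (memory) or 2 (disk), HeaderSize of 9 words, Version 1.0 or 3.0.
    return file_type in (1, 2) and header_size == 9 and version in (0x0100, 0x0300)


def header_only_blocks(headers: dict) -> bool:
    """The MIME-type block alone: trusts whatever Content-Type the server sent."""
    lowered = {k.lower(): v for k, v in headers.items()}
    declared = lowered.get("content-type", "").split(";")[0].strip().lower()
    return declared == WMF_MIME


def should_block(headers: dict, body: bytes) -> bool:
    """Combined policy: block on the declared type OR on the body's signature."""
    return header_only_blocks(headers) or sniff_wmf(body)
```

A spoofed `Content-Type: image/gif` on a WMF body passes `header_only_blocks` but is still flagged by `sniff_wmf`.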


