RE: WMF Vunrability
- From: "JosephK" <josephk@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 4 Jan 2006 10:03:00 -0800
Hi Thomas,
WMF -- Um, this is a family list! But, I could also think of a few more
things. Google desktop indexing has a flaw...If some unsuspecting user
sets it up incorrectly or some goof uses it on a corporate network,
then, the indexing process can show up on the internet! Now that's
why I don't use trash like that.
I'm sure you knew that *.wmf was for windows meta file. Changing the
program that opens that to notepad actually works. At least in my test
environment.
Thank you,
Joseph
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, January 04, 2006 10:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability
http://www.ISAserver.org
Hi Jospeh,
I read that even if you use Google indexing service on your computer, it
will whack you when the WMF is accessed.
BTW, what does WMF stand for? I can think of a few things right now :))
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message-----
> From: JosephK [mailto:josephk@xxxxxxxxx]
> Sent: Wednesday, January 04, 2006 11:53 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
>
> http://www.ISAserver.org
>
> Another minor way to fix this from the desktop point of view
> and yes it
> is a pain in the ass. Change the program that opens up *.wmf (fax
> viewer) to use
> notepad instead. Not very feasible though with a real large shop.
>
> Joseph
>
>
>
> -----Original Message-----
> From: Edgardo Balansay [mailto:balansay@xxxxxxxxx]
> Sent: Wednesday, January 04, 2006 9:49 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
>
> http://www.ISAserver.org
> I have been thinking similar to "Thor" in that, "... have you
> found the
> application/x-msmetafile mime block is all you have to do?"
> As .wmf file type is listed as
> http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/mim
> etypes.msp
> x
>
> However Jim Harrison, mentions, "...use pattern matching in
> the response
> stream. Request and response headers are ok unless the "bad place"
> decides to spoof them."
>
> So application/x-msmetafile mime block does not completely
> block the wmf
> type of files? Is what Jim is saying is that the "bad place" may spoof
> the headers, and Windows will continue to open the file with the
> vulnerable application/dll?
>
> But doesn't ISA Application Filter and therefore able to block the
> specific mime type for *.wmf regardless of headers? Much like how it
> blocks executables regardless of extension?
>
> Just attempting to add to the discussion, thanks!
> Edgardo
>
> (BTW: above quotes are taken from the "OT - texas hold em" thread)
> ------------------------------------------------------ List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
> Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
> FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------ Visit
> TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------ You
> are currently
> subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
