Home page logo
/

basics logo Security Basics mailing list archives

R: Blocking WMF Files via Squid
From: "Cornali Remo" <Remo.Cornali () rcs it>
Date: Tue, 3 Jan 2006 19:17:49 +0100

 

Gaddis, Jeremy L wrote:
The first step was filtering files with the ".wmf" extension 
....  The other 
step was to block URLs ending in ".wmf" through Squid, 

Sorry, but these methods won't help much.
The exploit is not linked to the .wmf extension, but works even when
the .wmf file is renamed to another extension. See:
http://www.f-secure.com/weblog/archives/archive-012006.html#00000759 ,
brought to my attention by:
http://isc.sans.org/diary.php?storyid=995 
The exploit triggers when the file header is being examined, for
example by a request made by Google Desktop. 

Ciao!
        Remo
 

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • R: Blocking WMF Files via Squid Cornali Remo (Jan 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault