Security Basics mailing list archives
R: Blocking WMF Files via Squid
From: "Cornali Remo" <Remo.Cornali () rcs it>
Date: Tue, 3 Jan 2006 19:17:49 +0100
Gaddis, Jeremy L wrote:
The first step was filtering files with the ".wmf" extension .... The other step was to block URLs ending in ".wmf" through Squid,
Sorry, but these methods won't help much. The exploit is not linked to the .wmf extension, but works even when the .wmf file is renamed to another extension. See: http://www.f-secure.com/weblog/archives/archive-012006.html#00000759 , brought to my attention by: http://isc.sans.org/diary.php?storyid=995 The exploit triggers when the file header is being examined, for example by a request made by Google Desktop. Ciao! Remo --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- R: Blocking WMF Files via Squid Cornali Remo (Jan 04)