Security Basics mailing list archives

R: Blocking WMF Files via Squid


From: "Cornali Remo" <Remo.Cornali () rcs it>
Date: Tue, 3 Jan 2006 19:17:49 +0100

 

Gaddis, Jeremy L wrote:
> The first step was filtering files with the ".wmf" extension
> ....  The other
> step was to block URLs ending in ".wmf" through Squid,

Sorry, but these methods won't help much.
The exploit is not linked to the .wmf extension, but works even when
the .wmf file is renamed to another extension. See:
http://www.f-secure.com/weblog/archives/archive-012006.html#00000759 ,
brought to my attention by:
http://isc.sans.org/diary.php?storyid=995 
The exploit triggers when the file header is being examined, for
example by a request made by Google Desktop. 

Ciao!
        Remo
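
The point made in the message above, as an added example that is not part of the original post: a filter that inspects the first bytes of a file recognises a WMF under any name, while an extension rule does not. The header constants follow the published WMF format; the function names and the sample files are constructed for illustration.

```python
import struct

# Aldus placeable header key 0x9AC6CDD7, stored little-endian.
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"


def looks_like_wmf(data: bytes) -> bool:
    """Return True if the leading bytes match a WMF header, whatever the file name."""
    if data.startswith(PLACEABLE_KEY):
        return True
    if len(data) < 18:  # the standard metafile header is 18 bytes
        return False
    mt_type, mt_header_size, mt_version = struct.unpack_from("<HHH", data, 0)
    return (
        mt_type in (1, 2)                    # 1 = memory metafile, 2 = disk metafile
        and mt_header_size == 9              # header size in 16-bit words
        and mt_version in (0x0100, 0x0300)   # the two defined metafile versions
    )


def extension_filter(name: str) -> bool:
    """The rule from the quoted message: match on the '.wmf' suffix only."""
    return name.lower().endswith(".wmf")


def missed_by_extension_filter(files: dict) -> list:
    """Names whose content is WMF but which the suffix rule lets through."""
    return [n for n, d in files.items()
            if looks_like_wmf(d) and not extension_filter(n)]


# Constructed sample data: headers only, no drawing records.
STANDARD = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
PLACEABLE = PLACEABLE_KEY + b"\x00" * 18 + STANDARD
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

SAMPLES = {
    "chart.wmf": PLACEABLE,           # caught by both checks
    "photo.jpg": STANDARD,            # WMF content under a renamed extension
    "real.jpg": JPEG,                 # genuine JPEG, must not match
    "notes.txt": b"plain text, nothing to see here",
}

if __name__ == "__main__":
    print("extension rule misses:", missed_by_extension_filter(SAMPLES))
```

The standard-header test is a heuristic on six bytes, so a content filter built on it should expect occasional false positives on unrelated binary data.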
 
