[Dshield] block unneeded file ext
rdshield at leirtech.com
Thu Aug 16 13:09:20 GMT 2007
> Outlook, Outlook Express) the advice is to disable the preview pane
> and that problem goes away.
> My question is, does it? I seem to recall that there have been at
> least a couple of vulnerabilities in client-side parsing libraries
> that were exploitable even in the case that the preview pane was
> disabled, or in other words that disabling the preview pane was not an
> effective workaround for mitigating these vulnerabilities. I think
> they may have been exposures in VML, GDI, ANI or similar. In this
> case, the net effect is that without actual user interaction, the
Yes, I do recall such exploits. Was it .xls or MS database attachments
that were executed before the user was prompted for confirmation. There
were Microsoft patches but not everyone updates their machine.
> is to block unneeded file extensions at your SMTP gateway such as .exe,
> .scr, .vbs, and .dll.
But Microsoft often looks into the file to determine type, ignoring the
extension, so it might be named .jpg but get treated as some other file
type. You need something like
cheers -- Rick
More information about the list