[Mimedefang] CLSID extension vulnerabilities
David F. Skoll
dfs at roaringpenguin.com
Thu May 23 08:10:33 EDT 2002
On Thu, 23 May 2002, Michael McCarthy wrote:

> eg. viewthis.jpg.{73a4c9c1-d68d-11d0-98bf-00a0c90dc8d9}

Sigh... I hate windows. Thanks; I'll add the {..} test. Actually,
I have seen this before, and on one of my client's sites, I block
anything with a "{" in the name. I would actually rather do that
than look for a regexp matching a "legal" classid, because I bet there's
some weird encoding which will slip past the regexp, knowing Windoze...

So unless people think that's too restrictive, I'll modify the sample
filter to ban the regexp "[{}]".

Regards,

David.
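
The trade-off discussed in the message above, as an added example that is not part of the original post and not MIMEDefang's own filter code: a Python sketch comparing a strict "legal class ID" pattern with the broad `[{}]` rule on decoded attachment names. The message, the pattern `STRICT_CLSID` and all filenames except the one quoted in the post are constructed for illustration; nothing is claimed about how Windows treats the variants.

```python
import re
from email import message_from_string

# Strict rule: name ends in ".{8-4-4-4-12 hex digits}", the "legal" class ID shape.
STRICT_CLSID = re.compile(
    r"\.\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
# Broad rule proposed in the post: any brace anywhere in the name.
ANY_BRACE = re.compile(r"[{}]")

CLSID = "73a4c9c1-d68d-11d0-98bf-00a0c90dc8d9"  # the value quoted in the post

# Constructed Content-Disposition parameters (sample data, not from real mail).
SAMPLE_PARAMS = [
    'filename="viewthis.jpg.{' + CLSID + '}"',               # form quoted in the post
    "filename*=us-ascii''viewthis.jpg.%7B" + CLSID + "%7D",  # same name, RFC 2231 encoded
    'filename="viewthis.jpg.{' + CLSID + '}."',              # constructed: extra trailing dot
    'filename="minutes {draft}.txt"',                        # harmless name with braces
    'filename="report.pdf"',                                 # ordinary name
]

def build_sample():
    """Assemble a constructed multipart message with one part per parameter."""
    parts = "".join(
        "--b\nContent-Type: application/octet-stream\n"
        "Content-Disposition: attachment; " + p + "\n\nx\n" for p in SAMPLE_PARAMS)
    return ("MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=b\n\n"
            + parts + "--b--\n")

def check_attachments(raw_message):
    """Return (decoded_name, raw_header_has_brace, strict_hit, broad_hit) per part."""
    results = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()  # unquotes and decodes RFC 2231 values
        if name is None:
            continue
        raw = part.get("Content-Disposition", "")
        results.append((name,
                        bool(ANY_BRACE.search(raw)),
                        bool(STRICT_CLSID.search(name)),
                        bool(ANY_BRACE.search(name))))
    return results

if __name__ == "__main__":
    for row in check_attachments(build_sample()):
        print(row)
```

The broad rule flags every name containing a brace once the name is decoded, including the harmless one, which is the "too restrictive" cost raised in the post; the strict rule misses the trailing-dot variant, and a match against the raw header misses the encoded one.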