Is MS vulnerable to this Unicode trick?

Martin Hepworth maxsec at gmail.com
Fri May 13 14:57:11 IST 2011


names make no difference - 'file' (or varients) s used to check for
executables not just based on name of file.

-- 
Martin Hepworth
Oxford, UK


2011/5/13 Beauchemin, Denis <Denis.Beauchemin at usherbrooke.ca>

> I just read something that makes me wonder if MS can detect those Unicode
> names as executables?
>
> http://norman.com/security_center/security_center_archive/2011/rtlo_unicode_hole
>
> We’ve been blocking EXE, BAT and many other executables for a long time
> with MS, just based on the file name. I didn’t want to use the file command
> because we encouraged people to rename offending attachments before sending
> them.
>
> Should I start using the file command just to be on the safe side?
>
> Thanks!
>
> Denis
>
> Denis Beauchemin
> Architecte Technologique - Section Infrastructure des serveurs
> Service des technologies de l’information (S.T.I.)
> Université de Sherbrooke
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110513/cfc5250d/attachment.html


More information about the MailScanner mailing list