SV: href:cid vulnerability ???
Anders Andersson, IT
anders.andersson at LTKALMAR.SE
Tue Mar 30 16:06:59 IST 2004
I've seen a couple of those mails but I haven't found any dangerous thing in
them. It seemed like someone is trying to point to a server where there will
be some kind of thingy. Haven't looked too close at it yet but I'm gonna give it
a try and see if I can find something.
> -----Original Message-----
> From: John Wilcock [mailto:john at TRADOC.FR]
> Sent: 30 March 2004 14:20
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: OT: href:cid vulnerability ???
>
> Sorry for the off-topic post - hoping that with all the
> viruses MailScanner users see, someone will be able to
> identify this for me, or at least point me in the right
> direction. I have of course tried googling for
> appropriate-looking keywords, to no avail.
>
> A friend of a colleague, having problems and suspecting a
> virus, has forwarded us a suspicious-looking message which
> she believes might have been the trigger.
>
> The message is unfortunately not complete (forwarded by a
> non-savvy user, using Eudora); it purports to come from her
> ISP and contains a link to what looks at first glance like it
> might be the ISP's webmail system. In actual fact the link is
> far sneakier:
>
> | <a href="cid:031401mfdab4$3f3dl780$73387018 at 57w81fa70re">www</a>.tiscali.
> | fr/inbox/username/read.php?sessionid<a
> | href="cid:031401mfdab4$3f3dl780$73387018 at 57w81fa70re">-26899</a>
>
> (I've changed the "username" for privacy reasons).
>
> Anyone seen this type of vulnerability before? Any pointers please?
>
> John.
>
> --
> -- Over 2400 webcams from ski resorts around the world -
> www.snoweye.com
> -- Translate your technical documents and web pages - www.tradoc.fr
>
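
A `cid:` URL (RFC 2392) refers to a body part of the message itself by its Content-ID, so the link quoted above displays a webmail-looking address while its anchors resolve somewhere else entirely. The following is an added example, not part of either poster's mail or of MailScanner: a heuristic check that reports `cid:` anchors sitting inside text that reads like a web address. The function and class names are hypothetical, and the sample HTML is a constructed stand-in with a placeholder host and Content-ID.

```python
import re
from html.parser import HTMLParser

# Heuristic (assumption): visible text shaped like host.tld/path is a "displayed URL".
URLISH = re.compile(r"\b(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

# Constructed sample modelled on the quoted link; host and Content-IDs are placeholders.
SAMPLE = (
    '<p>Your mailbox: <a href="cid:part1@example.invalid">www</a>.webmail.example'
    '/inbox/username/read.php?sessionid<a href="cid:part1@example.invalid">-26899</a></p>\n'
    '<p>Logo: <a href="cid:logo@example.invalid">see attached image</a></p>'
)

class CidLinkFinder(HTMLParser):
    """Record the visible text and the text span covered by each <a href="cid:...">."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text = ""      # visible text in document order
        self.links = []     # dicts with cid, start, end (offsets into self.text)
        self._open = None   # cid anchor currently being read, if any

    def handle_starttag(self, tag, attrs):
        href = (dict(attrs).get("href") or "").strip()
        if tag == "a" and href.lower().startswith("cid:"):
            self._open = {"cid": href[4:], "start": len(self.text)}

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self._open["end"] = len(self.text)
            self.links.append(self._open)
            self._open = None

    def handle_data(self, data):
        self.text += data

def find_disguised_cid_links(html):
    """Return one finding per cid: anchor; displayed_url is set when the anchor
    overlaps visible text that looks like a web address."""
    p = CidLinkFinder()
    p.feed(html)
    p.close()
    urls = list(URLISH.finditer(p.text))
    findings = []
    for link in p.links:
        shown = [m.group(0) for m in urls
                 if m.start() < link["end"] and link["start"] < m.end()]
        findings.append({"cid": link["cid"],
                         "anchor_text": p.text[link["start"]:link["end"]],
                         "displayed_url": shown[0] if shown else None})
    return findings
```

A finding with a non-empty `displayed_url` is the pattern from the quoted message; a `cid:` anchor with plain link text, like the third one in the sample, is reported with `displayed_url` set to `None` and can be scored lower.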