[From nobody Thu Jul 10 01:59:25 2008
Return-Path: &lt;DSAVEXCHANGEUS001@Radware.com&gt;
X-Original-To: roman@rs-labs.com
Delivered-To: roman@rs-labs.com
Received: from localhost (localhost [127.0.0.1])
	by mta.hosting-seguridad.com (Postfix) with ESMTP id 3F9F56025F
	for &lt;roman@rs-labs.com&gt;; Thu, 26 Jan 2006 15:48:08 +0100 (CET)
Received: from ARTEMIS.usa.corp.radware.com (mail19.radware.com
	[209.218.228.153])
	by mta.hosting-seguridad.com (Postfix) with ESMTP id 4F60F6020F
	for &lt;roman@rs-labs.com&gt;; Thu, 26 Jan 2006 15:48:07 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=&quot;----_=_NextPart_001_01C62288.1B27AF00&quot;
Subject: ALERT - Virus JS/Exploit-CrossSite found;
	an attachment/message has been quarantined
Date: Thu, 26 Jan 2006 09:52:19 -0500
Message-ID: &lt;FB8FD1EFD99AD411A71C00508BF7E1C1025433FE@exchangeus.usa.corp.radware.com&gt;
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: &lt;FB8FD1EFD99AD411A71C00508BF7E1C1025433FE@exchangeus.usa.corp.radware.com&gt;
Thread-Topic: ALERT - Virus JS/Exploit-CrossSite found;
	an attachment/message has been quarantined
Thread-Index: AcYiiBsnfQEpHinnRyyjR+aVgLhFZA==
From: &quot;DSAVEXCHANGEUS001\(Network Associates Anti-Virus - Mailbox Agent\)&quot;
	&lt;DSAVEXCHANGEUS001@Radware.com&gt;
To: &quot;Roman Medina&quot; &lt;roman@rs-labs.com&gt;
X-Virus-Scanned: Hosting-Seguridad

This is a multi-part message in MIME format.

------_=_NextPart_001_01C62288.1B27AF00
Content-Type: text/plain;
	charset=&quot;us-ascii&quot;
Content-Transfer-Encoding: quoted-printable

Action Taken:
An attempt to disinfect the attachment was unsuccessful,
so the attachment was quarantined from the message and replaced with
a text file informing the recipient of the action taken. The infected =
attachment
has been placed in the designated quarantine folder.
Please exercise extreme caution when handling the quarantined attachment

To:
full-disclosure@lists.netsys.com

From:
Roman Medina

Sent:
1181173308,29640727

Subject:
RS-2004-1: SquirrelMail &quot;Content-Type&quot; XSS vulnerability

Attachment Details:-

Attachment Name: RS-Labs-Advisory-2004-1.txt
File: RS-Labs-.txt
Infected? Yes
Repaired? No
Virus Name: JS/Exploit-CrossSite


=09

------_=_NextPart_001_01C62288.1B27AF00
Content-Type: application/ms-tnef;
	name=&quot;winmail.dat&quot;
Content-Transfer-Encoding: base64

eJ8+Ig0OAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAFgAAAElQTS5BbnRp
LVZpcnVzLlJlcG9ydACQBwENgAQAAgAAAAIAAgABBIABAFUAAABBTEVSVCAtIFZpcnVzIEpTL0V4
cGxvaXQtQ3Jvc3NTaXRlIGZvdW5kOyBhbiBhdHRhY2htZW50L21lc3NhZ2UgaGFzIGJlZW4gcXVh
cmFudGluZWQAMB4BBYADAA4AAADWBwEAGgAJADQAEwAEAEwBASCAAwAOAAAA1gcBABoACQAuAAwA
BAA/AQEJgAEAIQAAADU2NUJBM0MyNDA4MDc5NDdBNjVCQUZGRkRBOTRGRDdGAGwHAQOQBgAQCAAA
JAAAAAMAJgAAAAAAAwA2AAAAAABAADkAAK8nG4gixgEeAD0AAQAAAAEAAAAAAAAAAgFHAAEAAAA4
AAAAYz1VUzthPSA7cD1STkQgTmV0d29ya3M7bD1FWENIQU5HRVVTLTA2MDEyNjE0NTIxOVotMTg1
OQAeAHAAAQAAAFUAAABBTEVSVCAtIFZpcnVzIEpTL0V4cGxvaXQtQ3Jvc3NTaXRlIGZvdW5kOyBh
biBhdHRhY2htZW50L21lc3NhZ2UgaGFzIGJlZW4gcXVhcmFudGluZWQAAAAAAgFxAAEAAAAWAAAA
AcYiiBsnfQEpHinnRyyjR+aVgLhFZAAAHgAaDAEAAABBAAAARFNBVkVYQ0hBTkdFVVMwMDEoTmV0
d29yayBBc3NvY2lhdGVzIEFudGktVmlydXMgLSBNYWlsYm94IEFnZW50KQAAAAAeAB0OAQAAAFUA
AABBTEVSVCAtIFZpcnVzIEpTL0V4cGxvaXQtQ3Jvc3NTaXRlIGZvdW5kOyBhbiBhdHRhY2htZW50
L21lc3NhZ2UgaGFzIGJlZW4gcXVhcmFudGluZWQAAAAAAgEJEAEAAAB0AgAAcAIAAOsDAABMWkZ1
LbzKgIcACgENA0N0ZXh0Aff/AqQD5AXrAoMAUALzBrQCgyYyA8UCAGNoCsBzZdh0MCAHEwKAfQqA
CM9/CdkCgAqECzcSwgHQE+BjhHRpAiAgVGFrCfBWOgqjCoBBA6BhAkBlwm0FMXRvIGQEAAuAZmYF
kBmhaGUZMgDQaKMHgAIwIHdhBCB1AIAIdWNjB5BzZnVsOiwYpXMZ0BqfBCBxddcKwABwF/BuCYAg
A1IdI9EHgXNhZx1Rbh8AFUC/C1EcEB8AA/AdMBilYRmwvw8BHxADEB1QGiEFsG0LgHZnHSMVQGMF
IAiQG1Fv3mYdJBfkAZAYYS4YMB1BvxokHvEa2BilE3AEIGIJ4T4gIJULgB0jAQAAkGduvxlAHvEe
aB8QBvAEgS4Ypf5QIkAbkB1QDwAEkCNwKxOGdBVAB4AgY2F1F/Pedx1AA6ATcCBAbCLWHmozJh8Y
pVRvGJYcUWwtXRnxYxTQG+AVQEAtYHPYdHMuHuAyAHkyEAWg+m0vXEYDYRiWCAMF0AmAPQuAYS9c
BmACMBiWMTECODbQNzMzMDgsoDI5NjQwAcA3NT2YdWJqGlEz91MtAdBgMDQtMToGAB5gabJyFUBs
TQtwAyAiCFADAjAbQS1UeXBlIuggWFMF8HYcYB7gHpBWYgMQIRB5L1xBGuhEYxOwOxFzOi09XxsG
Ti5hB4A6YDnRTAGgcy1YQWR2BAAFsHk59S67DNAmpkYiMUFIQtlJJZX4PyBZB5A0BiCAC3AVQalF
kE5vGKVWOrB1B6FBQRNKUy9FeAtQb1khEC1DA2AEEFMhEGUnL1xJ/QGRIH1LoB4ANRABAAAASwAA
ADxGQjhGRDFFRkQ5OUFENDExQTcxQzAwNTA4QkY3RTFDMTAyNTQzM0ZFQGV4Y2hhbmdldXMudXNh
LmNvcnAucmFkd2FyZS5jb20+AAALAPIQAQAAAB8A8xABAAAAtgAAAEEATABFAFIAVAAgAC0AIABW
AGkAcgB1AHMAIABKAFMA//hFAHgAcABsAG8AaQB0AC0AQwByAG8AcwBzAFMAaQB0AGUAIABmAG8A
dQBuAGQAJQAzAEIAIABhAG4AIABhAHQAdABhAGMAaABtAGUAbgB0AP/4bQBlAHMAcwBhAGcAZQAg
AGgAYQBzACAAYgBlAGUAbgAgAHEAdQBhAHIAYQBuAHQAaQBuAGUAZAAuAEUATQBMAAAAAAALAPYQ
AAAAAEAABzB6myAbiCLGAUAACDCw1b1AhyLGAQMA8T8JBAAAHgD4PwEAAABBAAAARFNBVkVYQ0hB
TkdFVVMwMDEoTmV0d29yayBBc3NvY2lhdGVzIEFudGktVmlydXMgLSBNYWlsYm94IEFnZW50KQAA
AAACAfk/AQAAAGQAAAAAAAAA3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAAL089Uk5EIE5FVFdPUktT
L09VPVJBRFdBUkVVUy9DTj1ORVRXT1JLIEFTU09DSUFURVMvQ049RFNBVkVYQ0hBTkdFVVMwMDEA
HgD6PwEAAAAVAAAAU3lzdGVtIEFkbWluaXN0cmF0b3IAAAAAAgH7PwEAAAAeAAAAAAAAANynQMjA
QhAatLkIACsv4YIBAAAAAAAAAC4AAAADAP0/5AQAAAMAGUAAAAAAAwAaQAAAAAAeADBAAQAAABIA
AABEU0FWRVhDSEFOR0VVUzAwMQAAAB4AMUABAAAAEgAAAERTQVZFWENIQU5HRVVTMDAxAAAAHgA4
QAEAAAASAAAARFNBVkVYQ0hBTkdFVVMwMDEAAAAeADlAAQAAAAIAAAAuAAAACwApAAAAAAALACMA
AAAAAAMABhBRvrs4AwAHECwCAAADABAQAAAAAAMAERAAAAAAHgAIEAEAAABlAAAAQUNUSU9OVEFL
RU46QU5BVFRFTVBUVE9ESVNJTkZFQ1RUSEVBVFRBQ0hNRU5UV0FTVU5TVUNDRVNTRlVMLFNPVEhF
QVRUQUNITUVOVFdBU1FVQVJBTlRJTkVERlJPTVRIRU1FUwAAAAACAX8AAQAAAEsAAAA8RkI4RkQx
RUZEOTlBRDQxMUE3MUMwMDUwOEJGN0UxQzEwMjU0MzNGRUBleGNoYW5nZXVzLnVzYS5jb3JwLnJh
ZHdhcmUuY29tPgAARAc=

------_=_NextPart_001_01C62288.1B27AF00--
]