[From nobody Thu Jul 10 01:59:25 2008
Return-Path: &lt;DSAVEXCHANGEUS001@Radware.com&gt;
X-Original-To: roman@rs-labs.com
Delivered-To: roman@rs-labs.com
Received: from localhost (localhost [127.0.0.1])
	by mta.hosting-seguridad.com (Postfix) with ESMTP id 1166B6020F
	for &lt;roman@rs-labs.com&gt;; Thu, 26 Jan 2006 15:48:09 +0100 (CET)
Received: from ARTEMIS.usa.corp.radware.com (mail19.radware.com
	[209.218.228.153])
	by mta.hosting-seguridad.com (Postfix) with ESMTP id 024EF60226
	for &lt;roman@rs-labs.com&gt;; Thu, 26 Jan 2006 15:48:07 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=&quot;----_=_NextPart_001_01C62288.1B8BC800&quot;
Subject: ALERT - Virus JS/Exploit-CrossSite found;
	an attachment/message has been quarantined
Date: Thu, 26 Jan 2006 09:52:19 -0500
Message-ID: &lt;FB8FD1EFD99AD411A71C00508BF7E1C102543400@exchangeus.usa.corp.radware.com&gt;
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: &lt;FB8FD1EFD99AD411A71C00508BF7E1C102543400@exchangeus.usa.corp.radware.com&gt;
Thread-Topic: ALERT - Virus JS/Exploit-CrossSite found;
	an attachment/message has been quarantined
Thread-Index: AcYiiBuL33KdMf1+ReeCXE3YMC23tQ==
From: &quot;DSAVEXCHANGEUS001\(Network Associates Anti-Virus - Mailbox Agent\)&quot;
	&lt;DSAVEXCHANGEUS001@Radware.com&gt;
To: &quot;Roman Medina&quot; &lt;roman@rs-labs.com&gt;
X-Virus-Scanned: Hosting-Seguridad

This is a multi-part message in MIME format.

------_=_NextPart_001_01C62288.1B8BC800
Content-Type: text/plain;
	charset=&quot;us-ascii&quot;
Content-Transfer-Encoding: quoted-printable

Action Taken:
An attempt to disinfect the attachment was unsuccessful,
so the attachment was quarantined from the message and replaced with
a text file informing the recipient of the action taken. The infected =
attachment
has been placed in the designated quarantine folder.
Please exercise extreme caution when handling the quarantined attachment

To:
full-disclosure@lists.netsys.com

From:
Roman Medina

Sent:
-992492234,29640178

Subject:
[Full-Disclosure] RS-2004-1: SquirrelMail &quot;Content-Type&quot; XSS =
vulnerability

Attachment Details:-

Attachment Name: RS-Labs-Advisory-2004-1.txt
File: RS-Labs-.txt
Infected? Yes
Repaired? No
Virus Name: JS/Exploit-CrossSite


=09

------_=_NextPart_001_01C62288.1B8BC800
Content-Type: application/ms-tnef;
	name=&quot;winmail.dat&quot;
Content-Transfer-Encoding: base64

eJ8+Ig4OAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAFgAAAElQTS5BbnRp
LVZpcnVzLlJlcG9ydACQBwENgAQAAgAAAAIAAgABBIABAFUAAABBTEVSVCAtIFZpcnVzIEpTL0V4
cGxvaXQtQ3Jvc3NTaXRlIGZvdW5kOyBhbiBhdHRhY2htZW50L21lc3NhZ2UgaGFzIGJlZW4gcXVh
cmFudGluZWQAMB4BBYADAA4AAADWBwEAGgAJADQAEwAEAEwBASCAAwAOAAAA1gcBABoACQAuAA0A
BABAAQEJgAEAIQAAADhDQTM5REU2OUI0QjhDNDY5RDNGNDc0REQxODdEODAyAFgHAQOQBgAcCAAA
JAAAAAMAJgAAAAAAAwA2AAAAAABAADkAAMiLG4gixgEeAD0AAQAAAAEAAAAAAAAAAgFHAAEAAAA4
AAAAYz1VUzthPSA7cD1STkQgTmV0d29ya3M7bD1FWENIQU5HRVVTLTA2MDEyNjE0NTIxOVotMTg2
MgAeAHAAAQAAAFUAAABBTEVSVCAtIFZpcnVzIEpTL0V4cGxvaXQtQ3Jvc3NTaXRlIGZvdW5kOyBh
biBhdHRhY2htZW50L21lc3NhZ2UgaGFzIGJlZW4gcXVhcmFudGluZWQAAAAAAgFxAAEAAAAWAAAA
AcYiiBuL33KdMf1+ReeCXE3YMC23tQAAHgAaDAEAAABBAAAARFNBVkVYQ0hBTkdFVVMwMDEoTmV0
d29yayBBc3NvY2lhdGVzIEFudGktVmlydXMgLSBNYWlsYm94IEFnZW50KQAAAAAeAB0OAQAAAFUA
AABBTEVSVCAtIFZpcnVzIEpTL0V4cGxvaXQtQ3Jvc3NTaXRlIGZvdW5kOyBhbiBhdHRhY2htZW50
L21lc3NhZ2UgaGFzIGJlZW4gcXVhcmFudGluZWQAAAAAAgEJEAEAAAB/AgAAewIAAP0DAABMWkZ1
494UPIcACgENA0N0ZXh0Aff/AqQD5AXrAoMAUALzBrQCgyYyA8UCAGNoCsBzZdh0MCAHEwKAfQqA
CM9/CdkCgAqECzcSwgHQE+BjhHRpAiAgVGFrCfBWOgqjCoBBA6BhAkBlwm0FMXRvIGQEAAuAZmYF
kBmhaGUZMgDQaKMHgAIwIHdhBCB1AIAIdWNjB5BzZnVsOiwYpXMZ0BqfBCBxddcKwABwF/BuCYAg
A1IdI9EHgXNhZx1Rbh8AFUC/C1EcEB8AA/AdMBilYRmwvw8BHxADEB1QGiEFsG0LgHZnHSMVQGMF
IAiQG1Fv3mYdJBfkAZAYYS4YMB1BvxokHvEa2BilE3AEIGIJ4T4gIJULgB0jAQAAkGduvxlAHvEe
aB8QBvAEgS4Ypf5QIkAbkB1QDwAEkCNwKxOGdBVAB4AgY2F1F/Pedx1AA6ATcCBAbCLWHmozJh8Y
pVRvGJYcUWwtXRnxYxTQG+AVQEAtYHPYdHMuHuAyAHkyEAWg+m0vXEYDYRiWCAMF0AmAPQuAYS9c
BmACMBiWLTkIOTI0NvAyMzQsADI5NjQwMTc4MTU9dWJqGlEYlltGlTDiRDE3XQfwUy0B0GAwNC0x
OgYAHmBpsnIVQGxNC3ADICIIUAMCMBtBLVR5cGUi6CBYUwXwdhxgHuAekFZiAxAhEHkvXEEa6ERj
E7A8MXM6LT5/GwZOLmEHgDuAOvFMAaBzLVhBZHYEAAWweTsVLrsM0CamRiIxQmhD+Ukllfg/IFkH
kDQGIIALcBVBqUawTm8YpVY70HUHoUFCM0pTL0V4C1BvWSEQLUMDYAQQUyEQZScvXEsdAZEgfUzA
AB4ANRABAAAASwAAADxGQjhGRDFFRkQ5OUFENDExQTcxQzAwNTA4QkY3RTFDMTAyNTQzNDAwQGV4
Y2hhbmdldXMudXNhLmNvcnAucmFkd2FyZS5jb20+AAALAPIQAQAAAB8A8xABAAAAtgAAAEEATABF
AFIAVAAgAC0AIABWAGkAcgB1AHMAIABKAFMA//hFAHgAcABsAG8AaQB0AC0AQwByAG8AcwBzAFMA
aQB0AGUAIABmAG8AdQBuAGQAJQAzAEIAIABhAG4AIABhAHQAdABhAGMAaABtAGUAbgB0AP/4bQBl
AHMAcwBhAGcAZQAgAGgAYQBzACAAYgBlAGUAbgAgAHEAdQBhAHIAYQBuAHQAaQBuAGUAZAAuAEUA
TQBMAAAAAAALAPYQAAAAAEAABzA+voQbiCLGAUAACDB0+CFBhyLGAQMA8T8JBAAAHgD4PwEAAABB
AAAARFNBVkVYQ0hBTkdFVVMwMDEoTmV0d29yayBBc3NvY2lhdGVzIEFudGktVmlydXMgLSBNYWls
Ym94IEFnZW50KQAAAAACAfk/AQAAAGQAAAAAAAAA3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAAL089
Uk5EIE5FVFdPUktTL09VPVJBRFdBUkVVUy9DTj1ORVRXT1JLIEFTU09DSUFURVMvQ049RFNBVkVY
Q0hBTkdFVVMwMDEAHgD6PwEAAAAVAAAAU3lzdGVtIEFkbWluaXN0cmF0b3IAAAAAAgH7PwEAAAAe
AAAAAAAAANynQMjAQhAatLkIACsv4YIBAAAAAAAAAC4AAAADAP0/5AQAAAMAGUAAAAAAAwAaQAAA
AAAeADBAAQAAABIAAABEU0FWRVhDSEFOR0VVUzAwMQAAAB4AMUABAAAAEgAAAERTQVZFWENIQU5H
RVVTMDAxAAAAHgA4QAEAAAASAAAARFNBVkVYQ0hBTkdFVVMwMDEAAAAeADlAAQAAAAIAAAAuAAAA
CwApAAAAAAALACMAAAAAAAMABhBn0hJoAwAHEDsCAAADABAQAAAAAAMAERAAAAAAHgAIEAEAAABl
AAAAQUNUSU9OVEFLRU46QU5BVFRFTVBUVE9ESVNJTkZFQ1RUSEVBVFRBQ0hNRU5UV0FTVU5TVUND
RVNTRlVMLFNPVEhFQVRUQUNITUVOVFdBU1FVQVJBTlRJTkVERlJPTVRIRU1FUwAAAAACAX8AAQAA
AEsAAAA8RkI4RkQxRUZEOTlBRDQxMUE3MUMwMDUwOEJGN0UxQzEwMjU0MzQwMEBleGNoYW5nZXVz
LnVzYS5jb3JwLnJhZHdhcmUuY29tPgAATAs=

------_=_NextPart_001_01C62288.1B8BC800--
]