A customers PHP script is sending out the following message:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received: from lx.domain.net [217.123.123.123] by mail.zcom.it with ESMTP
(SMTPD32-8.13) id AD887060072; Tue, 08 Feb 2005 17:49:12 +0100
Received: by lx.domain.net (Postfix, from userid 33)
id 93432A1C4; Tue, 8 Feb 2005 17:47:19 +0100 (CET)
To: [EMAIL PROTECTED]
Subject: Danke
From: "customer.it" <[EMAIL PROTECTED]>
X-Mailer: PITA-Server 1.5-Z8 1107902839 Message-Id:
<[EMAIL PROTECTED]>
Date: Tue, 8 Feb 2005 17:47:19 +0100 (CET)
X-Declude-Sender: [EMAIL PROTECTED] [217.123.123.123]
X-Spam-Tests-Failed: None [0]
X-Country-Chain:
X-Note: Sent from [EMAIL PROTECTED] - ([217.123.123.123]) incoming.
X-Declude-Virus: Detected [Outlook 'CR' Vulnerability].
Danke dass Sie sich bei immobilien-prisma.it erkundigen.
Besuchen Sie uns wieder!
--
Immobilien in Brixen und Umgebung
http://www.immobilien-prisma.it/
mailto:[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Question: Where is the CR vulnerability?
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
