'[Bug 73951] New: Attachment Winmail.dat is opended automatically'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kmail-devel
Subject:    [Bug 73951] New: Attachment Winmail.dat is opended automatically
From:       Christian Weickhmann <christian.weickhmann () gmx ! de>
Date:       2004-02-01 11:47:27
Message-ID: 20040201114727.202.qmail () ktown ! kde ! org
[Download RAW message or body]

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugs.kde.org/show_bug.cgi?id=73951      
           Summary: Attachment Winmail.dat is opended automatically with
                    KOrganizer (Security vulnerability?)
           Product: kmail
           Version: unspecified
          Platform: Compiled Sources
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
        AssignedTo: kmail-devel@kde.org
        ReportedBy: christian.weickhmann@gmx.de

Version:           1.6.50 (CVS 20040117) (using KDE Devel)
Installed from:    Compiled sources
Compiler:          gcc-3.3.1-29 
OS:          Linux

The following eMail-Code caused KMail to open the attachment (winmail.dat) in \
KOrganizer without asking. This could be a possibility to execute code on a machine \
with the user's priviliges. Please don't be confused that this is an eMail with a \
Symantec Virus Notification...

//----------------- EMail-Code --------------------------------

Return-Path: <someuser@t-online.de>
X-Flags: 1001
Delivered-To: GMX delivery to christian.weickhmann@gmx.de
Received: (qmail 9537 invoked by uid 65534); 30 Jan 2004 15:06:29 -0000
Received: from mailout08.sul.t-online.com (EHLO mailout08.sul.t-online.com) 
(194.25.134.20)
  by mx0.gmx.net (mx010) with SMTP; 30 Jan 2004 16:06:29 +0100
Received: from fwd03.aul.t-online.de 
        by mailout08.sul.t-online.com with smtp 
        id 1AmYBD-0001Wf-02; Fri, 30 Jan 2004 13:55:27 +0100
Received: from someuser 
(V8Fl6TZTgeUu1U4Eb3gE6EylaZ95cRqcVN7pw1soU1OUatriwkMs6E@[80.128.190.27]) by 
fwd03.sul.t-online.com
        with esmtp id 1AmY91-1sb0j20; Fri, 30 Jan 2004 13:53:11 +0100
From: someuser@t-online.de (Someone)
To: "Weickhmann, Christian" <christian.weickhmann@gmx.de>
Subject: WG: Norton AntiVirus News Bulletin - Virus Alert!
Date: Fri, 30 Jan 2004 13:52:02 +0100
Message-ID: <NIBBINLBKLHABIDBJLODMEDDCDAA.wiener.helga@t-online.de>
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_000B_01C3E738.3D67BF20"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
X-MS-TNEF-Correlator: <NIBBINLBKLHABIDBJLODMEDDCDAA.wiener.helga@t-online.de>
Disposition-Notification-To: "Someuser" <someuser@t-online.de>
X-Seen: false
X-ID: V8Fl6TZTgeUu1U4Eb3gE6EylaZ95cRqcVN7pw1soU1OUatriwkMs6E
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
Status: R
X-Status: N
X-KMail-EncryptionState:  
X-KMail-SignatureState:  
X-KMail-MDN-Sent: 

This is a multi-part message in MIME format.

Hallo Christian,

[...] Some eMail-text.

-----Ursprüngliche Nachricht-----
Von: NAV-Techinfo [mailto:symantec_bulletins@symantec.com]
Gesendet: Dienstag, 27. Januar 2004 19:51
An: NAV-TECHINFO-L@excu-ls-1.symantec.com
Betreff: Norton AntiVirus News Bulletin - Virus Alert!

January 27, 2004
_____________________________
In this issue:

1.  Level 4 Virus Alert! W32.Novarg.A@mm
2.  Feedback
3.  Subscribing and unsubscribing
4.  Disclaimer
_____________________________
NOTE: This is an outgoing email address. Do not reply to this email
message. If you require assistance with installing, configuring, or
troubleshooting a Symantec product, or if you have a question for Customer
Service, then visit the Symantec Service & Support Web site at the
following Internet address:

http://www.symantec.com/techsupp/

To view this and prior News Bulletins in HTML format, visit the following
Internet address:

http://www.symantec.com/techsupp/bulletin/archive/nav/nav_archive.html
_____________________________

1.  Level 4 Virus Alert! W32.Novarg.A@mm

Security Response is currently tracking a new mass-mailing worm named
W32.Novarg.A@mm.  The threat arrives in an email with an attachment that
has an .exe, .pif, .scr or .zip file extension.  This worm is encrypted.

Note: Symantec Consumer products that support Worm Blocking functionality
automatically detect this threat as it attempts to spread.

The following write-up will be updated when additional information about
the worm is available. Check the write-up frequently for updated
information.

http://www.symantec.com/techsupp/vURL.cgi/nav119

Definitions dated January 26, 2004 will detect the W32.Novarg.A@mm worm.
Run
LiveUpdate or download the Intelligent Updater virus definitions at:

http://securityresponse.symantec.com/avcenter/defs.download.html

Symantec Security Response has developed a removal tool to clean the
infections of W32.Novarg.A@mm. You can download the removal tool from the
Symantec Web site at:

http://www.symantec.com/techsupp/vURL.cgi/nav120

Also Known As:  W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend]
Type:  Worm
Infection Length:  22,528 bytes
Systems Affected:  Microsoft Windows 95/98/Me/NT/2000/XP
Systems Not Affected:  DOS, Linux, Macintosh, OS/2, UNIX, Microsoft Windows
3.x

_____________________________

2.  Feedback

Do you have feedback that can help us provide better products or services?
If so, then we want to hear from you. Visit the Symantec suggestion box at
the following Internet address, and let us know how we can improve:

http://www.symantec.com/feedback/

_____________________________

3.  Subscribing and unsubscribing

You are receiving this email because you subscribed to the Norton AntiVirus
Technical News Bulletin from the Symantec Web site.

If you want to subscribe to other Symantec newsletters, or you want to
unsubscribe, then follow the instructions at the following Internet
address:

http://www.symantec.com/techsupp/bulletin/consumer.html

If you are unable to successfully unsubscribe, then follow these steps:

    1.  Create a new email message addressed to:

        LISTSERV@LSERVER.SYMANTEC.COM

    2.  In the Subject line, type the following:

        UNSUBSCRIBE

    3.  In the body of the message, type the following:

        SIGNOFF NAV-TECHINFO-L

    4.  Send the message.

_____________________________

4.  Disclaimer

THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY.

This message contains Symantec Corporation's current view of the topics
discussed as of the date of this document. The information contained in
this message is provided "as is" without warranty of any kind, either
expressed or implied, including but not limited to the implied warranties
of merchantability, fitness for a particular purpose, and freedom from
infringement. The user assumes the entire risk as to the accuracy and the
use of this document. This document may not be distributed for profit.

Symantec and the Symantec logo are U.S. registered trademarks of Symantec
Corporation. Other brands and products are trademarks of their respective
holder(s).

["winmail.dat" (application/ms-tnef)]
//---------------End of eMail ---------------------------------
_______________________________________________
KMail developers mailing list
KMail-devel@kde.org
https://mail.kde.org/mailman/listinfo/kmail-devel

[prev in list] [next in list] [prev in thread] [next in thread] 