Yep yep. > -----Original Message----- > From: Tom Meunier [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, November 26, 2002 12:58 PM > To: Exchange Discussions > Subject: RE: attachments+virus > > > Bite me. If the vulnerability starts with MS00 or MS01, > anyone who catches it at this point deserves it. > > -----Original Message----- > From: Erik Sojka [mailto:[EMAIL PROTECTED]] > Posted At: Tuesday, November 26, 2002 11:50 AM > Posted To: MSExchange Mailing List > Conversation: attachments+virus > Subject: RE: attachments+virus > > > RTFA!! ;) > > "The .HTM exploits the Microsoft VM ActiveX Component vulnerability > [MS00-075] to register the .ceo extension as an executable > file. The email > message is formed to take advantage of the Incorrect MIME > Header Can Cause > IE to Execute E-mail Attachment vulnerability [MS01-020], but > due to a bug > in the code, the attachment will not run automatically." > > > -----Original Message----- > > From: Tom Meunier [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, November 26, 2002 12:13 PM > > To: Exchange Discussions > > Subject: RE: attachments+virus > > > > > > Yeah? So how does it get associated/executed? > > > > -----Original Message----- > > From: Seitz, Peter [mailto:[EMAIL PROTECTED]] > > Posted At: Tuesday, November 26, 2002 10:21 AM > > Posted To: MSExchange Mailing List > > Conversation: attachments+virus > > Subject: RE: attachments+virus > > > > > > I got this announcement from Symantec this morning > concerning .ceo and > > .pif's. > > > > http://www.sarc.com/avcenter/venc/data/w32.hllw.winevar.html > > > > Peter Seitz > > Cubic Corporation > > Systems Analyst > > San Diego, Ca. 92123 > > (858) 505-2724 > > > > > -----Original Message----- > > > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, November 26, 2002 8:18 AM > > > To: Exchange Discussions > > > Subject: RE: attachments+virus > > > > > > > > > What the heck is a .CEO file anyhow? > > > > > > -----Original Message----- > > > From: Mellott, Bill [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, November 26, 2002 8:18 AM > > > To: Exchange Discussions > > > Subject: RE: attachments+virus > > > > > > > > > EXE is on Martins list of Danger > > > Mpeg is often your/company call (I block it) > > > > > > with regard to the new virus, after looking at the > > > description.. since one of the files is a PIF (which is on > > > martins list or other good things to > > > block) IF the PIF gets blocked..what effect would the .CEO or > > > the .HTM have since the .CEO has no way to register itself > > > with out the PIF being there to run? just curisious > > > > > > bill > > > > > > -----Original Message----- > > > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, November 26, 2002 11:13 AM > > > To: Exchange Discussions > > > Subject: RE: attachments > > > > > > > > > So you do not block mpeg and exe? > > > K/ > > > ----Original Message----- > > > From: Seitz, Peter [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, November 26, 2002 17:10 > > > To: Exchange Discussions > > > Subject: RE: attachments > > > > > > > > > Don't forget to add .ceo also. > > > > > > > -----Original Message----- > > > > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > > > > Sent: Tuesday, November 26, 2002 8:09 AM > > > > To: Exchange Discussions > > > > Subject: attachments > > > > > > > > > > > > Hi, > > > > > > > > Where can I find a list of the most attachments to block? > > > > > > > > > _________________________________________________________________ > > > > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > > > > Archives: > http://www.swynk.com/sitesearch/search.asp > > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] >
_________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
