Full Disclosure mailing list archives
Re: Report to Recipient(s)
From: Andrew Farmer <andfarm () gmail com>
Date: Tue, 9 Oct 2007 20:25:18 -0700
On 09 Oct 07, at 20:04, gjgowey () tmo blackberry net wrote:
Sometimes I really do have to wonder about people. Obviously it wasn't a message that came from me since the blackberry.net in my email might be a good clue that I'm using a blackberry to do my emails (in case the T-Mobile tagline/nagline was an obvious enough hint as is). Now I wonder which bag of garbage spammer to thank for this since someone is obviously running around with my email addr and spaming.
<snip>
The file / html you received was infected with the Exploit- CVE2007-3845 virus and was deleted.
Actually, my guess would be that a message you sent (or that you quoted!) tripped someone's virus filter. CVE2007-3845 reads:
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
which sounds a lot like the topic that was being discussed. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Report to Recipient(s) gjgowey (Oct 09)
- Re: Report to Recipient(s) Andrew Farmer (Oct 09)