[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Report to Recipient(s)
- To: gjgowey@xxxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Report to Recipient(s)
- From: Andrew Farmer <andfarm@xxxxxxxxx>
- Date: Tue, 9 Oct 2007 20:25:18 -0700
On 09 Oct 07, at 20:04, gjgowey@xxxxxxxxxxxxxxxxxx wrote:
> Sometimes I really do have to wonder about people. Obviously it
> wasn't a message that came from me since the blackberry.net in my
> email might be a good clue that I'm using a blackberry to do my
> emails (in case the T-Mobile tagline/nagline was an obvious enough
> hint as is). Now I wonder which bag of garbage spammer to thank
> for this since someone is obviously running around with my email
> addr and spaming.
<snip>
> The file / html you received was infected with the Exploit-
> CVE2007-3845
> virus and was deleted.
Actually, my guess would be that a message you sent (or that you
quoted!) tripped someone's virus filter. CVE2007-3845 reads:
> Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x
> before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers
> to execute arbitrary commands via certain vectors associated with
> launching "a file handling program based on the file extension at
> the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor
> states that "it is still possible to launch a filetype handler
> based on extension rather than the registered protocol handler."
which sounds a lot like the topic that was being discussed.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/