Date: Tue, 9 Oct 2007 20:25:18 -0700
From: Andrew Farmer <andfarm@...il.com>
To: gjgowey@....blackberry.net
Cc: Full-Disclosure dis <full-disclosure@...ts.grok.org.uk>
Subject: Re: Report to Recipient(s)

On 09 Oct 07, at 20:04, gjgowey@....blackberry.net wrote:
> Sometimes I really do have to wonder about people.  Obviously it  
> wasn't a message that came from me since the blackberry.net in my  
> email might be a good clue that I'm using a blackberry to do my  
> emails (in case the T-Mobile tagline/nagline was an obvious enough  
> hint as is).  Now I wonder which bag of garbage spammer to thank  
> for this since someone is obviously running around with my email  
> addr and spaming.
<snip>
> The file / html you received was infected with the Exploit- 
> CVE2007-3845
> virus and was deleted.

Actually, my guess would be that a message you sent (or that you  
quoted!) tripped someone's virus filter. CVE2007-3845 reads:

> Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x  
> before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers  
> to execute arbitrary commands via certain vectors associated with  
> launching "a file handling program based on the file extension at  
> the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor  
> states that "it is still possible to launch a filetype handler  
> based on extension rather than the registered protocol handler."

which sounds a lot like the topic that was being discussed.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists