Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Andrew Farmer (andfarmgmail.com)
Date: Tue Oct 09 2007 - 22:25:18 CDT
On 09 Oct 07, at 20:04, gjgoweytmo.blackberry.net wrote:
> Sometimes I really do have to wonder about people. Obviously it
> wasn't a message that came from me since the blackberry.net in my
> email might be a good clue that I'm using a blackberry to do my
> emails (in case the T-Mobile tagline/nagline was an obvious enough
> hint as is). Now I wonder which bag of garbage spammer to thank
> for this since someone is obviously running around with my email
> addr and spaming.
> The file / html you received was infected with the Exploit-
> virus and was deleted.
Actually, my guess would be that a message you sent (or that you
quoted!) tripped someone's virus filter. CVE2007-3845 reads:
> Mozilla Firefox before 126.96.36.199, Thunderbird before 188.8.131.52 and 2.x
> before 184.108.40.206, and SeaMonkey before 1.1.4 allow remote attackers
> to execute arbitrary commands via certain vectors associated with
> launching "a file handling program based on the file extension at
> the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor
> states that "it is still possible to launch a filetype handler
> based on extension rather than the registered protocol handler."
which sounds a lot like the topic that was being discussed.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/