Eudora E-mail Client May Silently Install and Execute Malicious Trojan Software
SecurityTracker Alert ID: 1001117|
SecurityTracker URL: http://securitytracker.com/id/1001117
(Links to External Site)
Date: Mar 19 2001
Execution of arbitrary code via network|
Version(s): 5.02 Sponsored Mode|
A vulnerability has been reported in Qualcomm's Eudora e-mail client that allows malicious trojan code to be installed and executed automatically and without warning by an unwitting recipient when the e-mail is read.|
No action on part of the client is necessary, other than simply opening the email.
Some demonstration exploit steps are provided in the original source message.
An unsuspectig Eudora e-mail client user may inadvertently cause malicious trojan software to be installed and executed by reading a malicious e-mail message.|
No solution was available at the time of this entry. The author of the report suggests disabling "use Microsoft viewer" and "allow executables in HTML content."|
Vendor URL: www.eudora.com/ (Links to External Site)
Access control error|
|Underlying OS: Apple (Legacy "classic" Mac), Windows (NT), Windows (95), Windows (98), Windows (2000)|
This archive entry has one or more follow-up message(s) listed below.|
Source Message Contents
Sunday, March 18, 2001
Silent delivery and installation of an executable on a target computer. No
client input other than opening an email using Eudora 5.02 - Sponsored Mode
provided 'use Microsoft viewer' and 'allow executables in HTML content' are
One wonders why they are there in the first place.
This can be achieved with relative ease as follows:
1. Create yet another HTML mail message as follows:
<img SRC="cid:mr.malware.to.you" style="display:none">
<img id=W0W src="cid:malware.com" style="display:none">
<IFRAME id=malware width=10 height=10 style="display:none" ></IFRAME>
// 18.03.01 http://www.malware.com
Where our first image is our executable. Our second image comprises a simple
What happens is, once the mail message is opened in Eudora 5.02 - Sponsored
Mode, the two 'embedded' images are silently and instantly transferred to
ActiveX control [note: knowing the file names and locations are not
necessary at all], which is then displayed out of sight in our iframe. This
inturn executes our *.exe.
control reside in the same folder [the so-called "Embedded' folder], and
because it is automatically called to our iframe, everything is instant.
No warning, no nothing. The *.exe is executed instantly. No client input
other than opening the email.
2. Working Example. Harmless *.exe. incorporated. Tested on win98, with
IE5.5 (all of its patches and so-called service packs), Eudora 5.02 -
Sponsored Mode with 'use Microsoft viewer' and 'allow executables in HTML
content' (this refers to scripting, not literally executables).
The following is in plaintext. We are unable to figure out how to import a
single message into Eudora's inbox. Perhaps some bright spark knows.
Otherwise, incorporate the text sample into a telnet session or other and
fire off to your Eudora inbox:
Notes: disable 'use Microsoft viewer' and 'allow executables in HTML
Send a cool gift with your E-Card