SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Eudora Vendors:   Qualcomm
Re: Eudora E-mail Client May Silently Install and Execute Malicious Trojan Software
SecurityTracker Alert ID:  1001141
SecurityTracker URL:  http://securitytracker.com/id/1001141
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 22 2001
Impact:   Execution of arbitrary code via network

Version(s): 5.02 Sponsored Mode
Description:   A vulnerability has been reported in Qualcomm's Eudora e-mail client that allows malicious trojan code to be installed and executed automatically and without warning by an unwitting recipient when the e-mail is read.

The vendor indicates that this inline scripting vulnerability has been fixed in Eudora 5.1 and that a beta of version 5.1 can be found at <http://www.eudora.com/betas/>. The vendor indicates that the final release of 5.1 will be out very soon.

Impact:   An unsuspectig Eudora e-mail client user may inadvertently cause malicious trojan software to be installed and executed by reading a malicious e-mail message.
Solution:   The vendor indicates that this inline scripting vulnerability has been fixed in Eudora 5.1 and that a beta of version 5.1 can be found at <http://www.eudora.com/betas/>. The vendor indicates that the final release of 5.1 will be out very soon.
Vendor URL:  www.eudora.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Apple (Legacy "classic" Mac), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 19 2001 Eudora E-mail Client May Silently Install and Execute Malicious Trojan Software



 Source Message Contents

Subject:  Re: feeble.you!dora.exploit


At 07:48 AM 3/21/2001 -0800, http-equiv@excite.com wrote:
>Further to all of this, we include a generic more illustrative (and user
>friendly test working example) [at the end of this batch of quotes].
>
>This defeats the so-called "Allow executables in HTML content" being
>disabled.

This inline scripting hole has been fixed in Eudora 5.1.  A beta of 5.1 can
be found at <http://www.eudora.com/betas/>.  The final release of 5.1 will
be out very soon.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC