SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Client)  >   Eudora Vendors:   Qualcomm
Re: Eudora E-mail Client May Silently Install and Execute Malicious Trojan Software
SecurityTracker Alert ID:  1001141
SecurityTracker URL:  http://securitytracker.com/id/1001141
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 22 2001
Impact:   Execution of arbitrary code via network

Version(s): 5.02 Sponsored Mode
Description:   A vulnerability has been reported in Qualcomm's Eudora e-mail client that allows malicious trojan code to be installed and executed automatically and without warning by an unwitting recipient when the e-mail is read.

The vendor indicates that this inline scripting vulnerability has been fixed in Eudora 5.1 and that a beta of version 5.1 can be found at <http://www.eudora.com/betas/>. The vendor indicates that the final release of 5.1 will be out very soon.

Impact:   An unsuspectig Eudora e-mail client user may inadvertently cause malicious trojan software to be installed and executed by reading a malicious e-mail message.
Solution:   The vendor indicates that this inline scripting vulnerability has been fixed in Eudora 5.1 and that a beta of version 5.1 can be found at <http://www.eudora.com/betas/>. The vendor indicates that the final release of 5.1 will be out very soon.
Vendor URL:  www.eudora.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:   MacOS, Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 19 2001 Eudora E-mail Client May Silently Install and Execute Malicious Trojan Software


 Source Message Contents
Date:  Wed, 21 Mar 2001 13:59:34 -0800
Subject:  Re: feeble.you!dora.exploit


At 07:48 AM 3/21/2001 -0800, http-equiv@excite.com wrote:
>Further to all of this, we include a generic more illustrative (and user
>friendly test working example) [at the end of this batch of quotes].
>
>This defeats the so-called "Allow executables in HTML content" being
>disabled.

This inline scripting hole has been fixed in Eudora 5.1.  A beta of 5.1 can
be found at <http://www.eudora.com/betas/>.  The final release of 5.1 will
be out very soon.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC