Info

Disclosure

Apr 28, 2000

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Eudora contains a flaw that may allow a malicious user to bypass the user warning for executable attachments, such as .exe, .com, and .bat files. The issue is triggered by using an attached .lnk file that refers to the executable, or "Stealth Attachment." It is possible that the flaw may allow arbitrary code to be executed by an attacker without prompting the user.

Classification

Unknown or Incomplete

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

QUALCOMM Incorporated	Eudora	3.0
		3.0.1
		3.0.2
		3.0.3
		3.0.5
		3.0.6
		4.0
		4.0.2
		4.2
		4.2.1
		4.2.2
		4.2.3
		4.3
		4.3.1
		4.3.2
		5.0
		5.0.1
		5.0.2
		5.1
		5.1.1
		5.2
		6.0
		6.0.1

References

Bugtraq ID: 1157 7653 9101
CVE ID: 2000-0342 (see also: NVD) 2003-0336 (see also: NVD)
Related OSVDB ID: 2548 3085
ISS X-Force ID: 4383 9793
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-11/0163.html
http://archives.neohapsis.com/archives/bugtraq/2003-05/0240.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0147.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0296.html
Vendor URL: http://www.eudora.com/
Vendor Specific Advisory URL: http://www.eudora.com/security.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

QUALCOMM Incorporated

Eudora

References

Credit