Info

Disclosure

Sep 07, 2000

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Eudora contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user replies to a message that contained an attachment, which will disclose the full path of the saved attachment on a "Attachment Converted" line in the reply, resulting in a loss of confidentiality. A common example is the use of a Virtual Card File (VCF) attachment.

Classification

Unknown or Incomplete

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Remove "Attachment Converted" lines in all outgoing responses.

Products

QUALCOMM Incorporated	Eudora	4.2
		4.3

References

Related OSVDB ID: 1305 2548 2803 3085
Bugtraq ID: 1653
CVE ID: 2000-0874 (see also: NVD)
ISS X-Force ID: 5206
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-09/0022.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

QUALCOMM Incorporated

Eudora

References

Credit