OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Eudora security bug - executes URL
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Eudora security bug - executes URL


  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: Eudora security bug - executes URL
  • From: Toby Beaumont <tobywirestation.co.uk>
  • Date: Fri, 7 Aug 1998 18:05:30 +0100
  • Organization: Wirestation
  • Reply-To: toby.beaumontwirestation.co.uk
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

Stout, Bill wrote:

> Security hole is discovered on another e-mail program
>
> 8/7/98
>
> "...The Eudora flaw makes it possible for a malicious computer user with
> little or no programming expertise to booby-trap an e-mail message by
> inserting a seemingly harmless link

And I believe that's not all..........

The security breach in Eudora could allow someone to email file
attachments that could erase files or install a virus, according to a story
by the Associated Press quoting Matthew  Parks, manager of the Eudora
product line. Parks told AP that it has yet to  happen to anyone.

  "Essentially, what happened is one of our users reported that...he was
actually able to find a possible security flaw within email," Parks told AP.

  The San Diego-based firm is planning to release a patch today on its Web
site that users can download to fix  the problem. The problem affects the
Windows 95 versions of Eudora versions  4.0, 4.0.1, and 4.1, which is
currently available for beta testing.  Qualcomm is still testing to see if
other operating system versions are  affected, according to the AP story.

  Ironically, Qualcomm within days posted an advisory on its Web site
claiming its mail programs were  free of the flaw and not  susceptible to
such security attacks. The note was posted Wednesday, the  same day the
Eudora user notified Qualcomm of the related security flaw in  its mail
systems.


==================
Toby Beaumont
Senior Web Developer
Wirestation

Tel +44 (0)171 336 6510
http://www.wirestation.co.uk