Clarification: Eudora is NOT vulnerable to e-mail viruses

Jonathan M. Gilligan (jonathan.gilliganVANDERBILT.EDU)
Fri, 19 Nov 1999 10:36:40 -0600

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Ussr Labs: "Remote D.o.S Attack in ZetaMail 2.1 Mail POP3/SMTP Server Vulnerability"
• Previous message: Taco Van Ieperen: "Re: SCM and strange handling of services"

With generous help from Jeff Beckley at Qualcomm, I have determined that I
was incorrect in asserting on this list that Eudora was vulnerable to
executing code if the "Allow Executable HTML Content" option was turned
off. I was wrong and Eudora WILL NOT execute HTML scripts if this option is
turned off.

What I saw was, I believe, a DOS attack using non-executable HTML tags
which I had incorrectly interpreted as executing scripts in the same
message. I will post further information when Qualcomm has had a chance to
respond, but I wanted to correct my previous error quickly to prevent
needless worrying and to avoid casting aspersions on Eudora.

Jonathan Gilligan

• Next message: Ussr Labs: "Remote D.o.S Attack in ZetaMail 2.1 Mail POP3/SMTP Server Vulnerability"
• Previous message: Taco Van Ieperen: "Re: SCM and strange handling of services"

This archive was generated by hypermail 2.0b3 on Fri Nov 19 1999 - 17:33:20 CST