header-logo
Suggest Exploit
vendor:
Eudora
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: Eudora
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001

Eudora HTML Content Execution Vulnerability

Eudora is an email client that uses Internet Explorer to assist in the viewing of HTML messages if the 'Use Microsoft Viewer' option is enabled. It is possible for an attacker to execute arbitrary code on a remote system even if 'allow executables in HTML content' is disabled, if the 'Use Microsoft viewer' option is enabled.

Mitigation:

Disable the 'Use Microsoft Viewer' option and the 'allow executables in HTML content' option.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2490/info

Eudora uses Internet Explorer to assist in the viewing of html messages if the 'Use Microsoft Viewer' option is enabled. Eudora also has a 'allow executables in HTML content' option, which the documentation recommends be disabled for securithy reasons. It is possible for an attacker to excecute arbitrary code on a remote system even if 'allow executables in HTML content' is disabled, if the 'Use Microsoft viewer' option is enabled. 

http://www.malware.com/you!DORA.txt

Navigation

Suggest Exploit

Services By CQR