[VulnWatch] High Risk Vulnerabilities in Eudora Mail Client

From: NGSSoftware Insight Security Research (nisr_at_nextgenss.com)
Date: 02/02/05

  • Next message: iDefense Customer Service: "[VulnWatch] iDEFENSE Security Advisory 02.07.05: SquirrelMail S/MIME Plugin Command Injection Vulnerability" 
    To: <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>
Date: Wed, 2 Feb 2005 19:31:56 -0000

    John Heasman of NGSSoftware has discovered multiple high risk
    vulnerabilities in the Windows version of Eudora.
    Versions affected include:

    Eudora 6.2.0 and below

    The flaws permit execution of arbitrary code via:

    1) previewing or opening a specially crafted email
    2) opening specially crafted stationary or mailbox files

    These issues have been resolved in Eudora 6.2.1 as detailed at
    http://www.eudora.com/security.html

    It can be downloaded from:

    http://www.eudora.com/products/

    NGSSoftware are going to withhold details of this flaw for three months.
    Full details will be published on the 2nd of May 2005. This three month
    window will allow users of Eudora the time needed to apply the patch before
    the details are released to the general public. This reflects NGSSoftware's
    approach to responsible disclosure.

    NGSSoftware Insight Security Research
    http://www.databasesecurity.com/
    http://www.nextgenss.com/
    +44(0)208 401 0070

  • Next message: iDefense Customer Service: "[VulnWatch] iDEFENSE Security Advisory 02.07.05: SquirrelMail S/MIME Plugin Command Injection Vulnerability"

    Relevant Pages

    • Re: Firefox...opiniones?
      ... del Thunderbird. ... Cuando Microsoft alcanzo la absoluta cuspide con Windows 3.1 y cooperaba con todos. ... Y lanzaron los de Sun una perfecta emulacion de Windows 3.1 que, por supuesto, corria Eudora. ...
      (soc.culture.argentina)
    • Re: [opensuse] Mail Program wanted?
      ... clients that use the same program in the windows environment. ... It includes a perl plugin for advanced searches. ... wife has Eudora, and I find that claws has much of the same ...
      (SuSE)
    • Re: How to search for documents in Word 2007
      ... Bob. ... e-mail from Word with Eudora. ... Write/Draw Anywhere (when not on Windows Tablet PC edition) ... Office 2007 core apps native file format is XML wrapped in a .zip box with differing file extensions under ...
      (microsoft.public.word.docmanagement)
    • Re: Considering returning to Eudora
      ... "accounts" (personalities) at all times. ... If the original poster is basing his opinion of Eudora on his ... Windows experience of it, he should think twice. ... which I understand may not be as available in Mac versions. ...
      (comp.mail.eudora.mac)
    • Re: Questions about Eudora
      ... Kathy Morgan (apparent Guardian Angel of the Eudora Mac newsgroup, ... to activate the Esoteric Settings plugin if you haven't already.) ... "Background Tasks" category in the Windows versions: ...
      (comp.mail.eudora.mac)