Attachment spoofing code execution in Eudora

2004-11-1500:00:00

BUGTRAQ

vulners.com

If "attach" and "attach.exe" co-exist in message and "attach" is clicked, "attach.exe" will be silently executed instead.

CPENameOperatorVersion
eudoraeq6.2
eudoraeq6.1
eudoraeq6.0
eudoraeq5.2

Name	Operator	Version
eudora	eq	6.2
eudora	eq	6.1
eudora	eq	6.0
eudora	eq	5.2

References

vulners.com/securityvulns/securityvulns:doc:4584

vulners.com/securityvulns/securityvulns:doc:5113

vulners.com/securityvulns/securityvulns:doc:5460

vulners.com/securityvulns/securityvulns:doc:6456

vulners.com/securityvulns/securityvulns:doc:6962

vulners.com/securityvulns/securityvulns:doc:7181