Security Flaw in Eudora Product by Qualcomm
CVE-2000-0342

7.5HIGH

Key Information:

Vendor
Qualcomm
Status
Eudora
Vendor
CVE Published:
28 April 2000

Summary

Eudora version 4.x has a security vulnerability that allows remote attackers to circumvent user warnings for executable file attachments. This is accomplished through the use of a .lnk file that points to the executable attachment, such as .exe, .com, or .bat files. The result is a significant risk as users may unknowingly execute malicious files without adequate warning.

References

http://www.peacefire.org/security/stealthattach/explanati...
x_refsource_MISC
http://news.cnet.com/news/0-1005-200-1773077.html?tag=st....
x_refsource_CONFIRM
http://www.securityfocus.com/bid/1157
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.