Remote Code Execution Vulnerability in Eudora by Qualcomm
CVE-2001-0365

Currently unrated

Key Information:

Vendor: Qualcomm
Status: Eudora
Vendor: CVE Published:; 27 June 2001

Summary

Eudora before version 5.1 contains a vulnerability that allows remote attackers to execute arbitrary code on a user's system. This occurs when users have enabled the 'Use Microsoft Viewer' and the 'allow executables in HTML content' options. By sending a specially crafted HTML email containing malicious JavaScript and ActiveX controls, an attacker can exploit this vulnerability through the use of misguided IMG tags, potentially compromising the security of the recipient's device.

References

http://marc.info/?l=bugtraq&m=98503741910995&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/2490

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/6262

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 27, 2001
Vulnerability Reserved
May 24, 2001