Eudora attachment spoofing bypass warning messages
| eudora-attachment-spoofing-bypass (9793) |  Medium Risk |
Description:
Eudora could allow a remote attacker to use a specially-crafted or malformed attachment name or attachment directory path name to spoof a file extension. A remote attacker could use this vulnerability to cause attachment warning messages to be bypassed when a user opens an attachment with a spoofed file extension, which could lead to the execution of malicious programs on the victim's computer.
Platforms Affected:
- Qualcomm, Eudora 5.1
- Qualcomm, Eudora 5.2
- Qualcomm, Eudora 5.2.1
- Qualcomm, Eudora 6.0.1
- Qualcomm, Eudora 6.0.3
Remedy:
No remedy available as of November 22, 2008.
Consequences:
Bypass Security
References:
- BugTraq Mailing List, Mon Nov 24 2003 - 21:17:52 CST, Eudora 6.0.1 LaunchProtect at http://archives.neohapsis.com/archives/bugtraq/2003-11/0296.html.
- BugTraq Mailing List, Wed May 21 2003 - 23:54:13 CDT, Eudora 5.2.1 attachment spoof at http://archives.neohapsis.com/archives/bugtraq/2003-05/0240.html.
- BugTraq Mailing List, Wed Nov 12 2003 - 18:40:46 CST, Eudora 6.0.1 attachment spoof at http://archives.neohapsis.com/archives/bugtraq/2003-11/0147.html.
- BugTraq Mailing List, Wed Nov 13 2002 - 14:44:50 CST , Eudora 5.2 attachment spoof at http://archives.neohapsis.com/archives/bugtraq/2002-11/0163.html.
- Full-Disclosure Mailing List, Thu Mar 18 2004 - 20:39:26 CST, Eudora 6.0.3 attachment spoof, LaunchProtect at http://archives.neohapsis.com/archives/fulldisclosure/2004-03/0826.html.
- Full-Disclosure Mailing List, Wed Aug 07 2002 - 16:49:20 CDT, Eudora attachment spoof at http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/0029.html.
- BID-5432: Qualcomm Eudora File Attachment Spoofing Vulnerability
- BID-7653: Qualcomm Eudora File Attachment Spoofing Variant Vulnerability
- BID-9101: Qualcomm Eudora Attachment LaunchProtect Warning Bypass Weakness
- CVE-2002-2351: Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing . (dot).
- CVE-2003-0336: Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed Attachment Converted: string, which is not properly handled by Eudora.
Reported:
Aug 08, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net