Lucene search

[email protected]CVE-2001-0365

HistoryMar 09, 2002 - 5:00 a.m.

CVE-2001-0365

2002-03-0905:00:00

[email protected]

web.nvd.nist.gov

eudora

remote attacker

execution arbitrary code

javascript

activex

html email.

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.041

Percentile

92.2%

JSON

Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the ‘Use Microsoft Viewer’ and ‘allow executables in HTML content’ options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags.

Affected configurations

NVD

Node

qualcommeudoraRange≤5.1

qualcommeudoraMatch5.0.2

VendorProductVersionCPE
qualcommeudora5.0.2cpe:/a:qualcomm:eudora:5.0.2:::
qualcommeudoracpe:/a:qualcomm:eudora::::

Vendor	Product	Version	CPE
qualcomm	eudora	5.0.2	cpe:/a:qualcomm:eudora:5.0.2:::
qualcomm	eudora		cpe:/a:qualcomm:eudora::::

References

marc.info/?l=bugtraq&m=98503741910995&w=2

www.securityfocus.com/bid/2490

exchange.xforce.ibmcloud.com/vulnerabilities/6262

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.041

Percentile

92.2%

JSON

Related for CVE-2001-0365

cvelist1 nvd1