23 matches found
CVE-1999-1016
CVE-1999-1016 concerns the Microsoft HTML control used in Internet Explorer 5.0, FrontPage Express, Outlook Express 5, and Eudora. The vulnerability allows a remote attacker (via a malicious web site or HTML email) to trigger a denial of service by crafting large HTML form fields (e.g., text inpu...
CVE-2003-0300
CVE-2003-0300 concerns the IMAP Client for Sylpheed 0.8.11. A remote IMAP server can trigger a denial-of-service (crash) by sending certain large literal size values that lead to signedness errors or integer overflow in the client. The available sources describe the vulnerability as a DoS conditi...
CVE-2007-2770
CVE-2007-2770: A stack-based buffer overflow in Eudora 7.1’s SMTP handling enables a remote, user-assisted attacker to execute arbitrary code via a long SMTP reply. The issue requires the user to click through a warning for exploitation. No remediation details are provided in the connected docume...
CVE-1999-1448
Affected software: Eudora and Eudora Light before 3.05. Vulnerable component: e-mail processing using dates in messages. Root cause: certain dates cause Divide By Zero errors (dates before 1970) or segmentation faults (dates ~100 years after current date). Impact: remote attacker could cause a cr...
CVE-2001-1326
CVE-2001-1326 affects Eudora 5.1, where remote code execution is possible when the "Use Microsoft Viewer" option is on and the "allow executables in HTML content" option is off. An HTML email containing a form activated from an image spoofed as a link causes the user to execute the form and acces...
CVE-2007-3166
CVE-2007-3166 describes a buffer overflow in Qualcomm Eudora 7.1.0.9 that allows a user-assisted, remote IMAP server to execute arbitrary code via a long FLAGS response to a SELECT INBOX command. The CVE is documented in NVD with a base score of 6.8 (Medium) and an attack vector of NETWORK with n...
CVE-2000-0342
CVE-2000-0342 (Eudora 4.x) describes a vulnerability where remote attackers can bypass the user warning for executable attachments (.exe, .com, .bat) by using a .lnk file that references the attachment, a.k.a. “Stealth Attachment.” The linked PT-2000-1308 entry confirms the affected software as E...
CVE-2002-2351
CVE-2002-2351 affects Eudora 5.1. An attacker could bypass security warnings and possibly execute arbitrary code through email attachments where the name ends with a trailing dot. The connected documents confirm this behavior across Red Hat, CVE listings, and NVD references, all citing the same d...
CVE-1999-0427
CVE-1999-0427 affects Eudora 4.1. A remote attacker can cause a denial of service by sending attachments with long file names. The issue originates from how long filenames are processed during attachment handling. Reports (Red Hat, NVD/NVD listing, PT Security) confirm the DoS impact; exploitatio...
CVE-2004-1521
The CVE-2004-1521 issue affects Eudora 6.2.0.14 where forwarding an email containing base64 or quoted-printable encoded attachments fails to warn, enabling a remote attacker to read arbitrary files via spoofed Converted headers. The underlying cause is improper handling/validation of encoded atta...
CVE-2004-1944
CVE-2004-1944 affects Eudora 6.1 and 6.0.3 for Windows, where processing a deeply nested multipart MIME message can cause a remote denial-of-service (crash). The available sources confirm the affected product and the crash impact, but no patch/version remediation details are provided in the docum...
CVE-2001-0365
In the provided records, CVE-2001-0365 affects Eudora before 5.1. The vulnerability arises when the email client is configured with “Use Microsoft Viewer” and “allow executables in HTML content” enabled, allowing a remote attacker to execute arbitrary code via an HTML email containing Javascript ...
CVE-2000-0874
The CVE-2000-0874 entry describes a vulnerability in the Eudora mail client where the absolute path of the sender’s host is disclosed within a virtual card (VCF). Affected component is the VCF handling/serialization in Eudora; root cause is path disclosure leading to potential exposure of local s...
CVE-2003-0376
This CVE concerns Eudora 5.2.1, where a buffer overflow in the Attachment Converted argument with a large sequence of dots can be triggered remotely to cause a denial of service and potentially execute arbitrary code. Affected component: Eudora mail client; root cause: unbounded input handling le...
CVE-2002-0456
CVE-2002-0456 affects Eudora 5.1 and earlier. The issue arises because attachments are stored in a directory with a fixed name, which could enable attackers to exploit vulnerabilities in other software that rely on installing/reading files from directories with known pathnames. The provided docum...
CVE-2002-1210
Vulnerability summary (CVE-2002-1210) : Qualcomm Eudora 5.1.1, 5.2 (and possibly other versions) stores email attachments in a predictable location. This enables remote attackers to read arbitrary files by sending a link that loads an attachment containing malicious script into a frame, where the...
CVE-2001-0677
Eudora 5.0.2 is affected. A remote attacker can read arbitrary files by crafting an email whose Attachment Converted MIME header contains the path to a target file; when the user forwards the message, the file is sent to the attacker. Root cause involves improper handling of the Attachment Conver...
CVE-2002-1770
Qualcomm Eudora 5.1 is affected. The vulnerability allows remote code execution via an HTML e-mail that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript, which is launched and executed in the My Computer zone by Internet Explorer. The pr...
CVE-2003-0336
Qualcomm Eudora 5.2.1 is affected by CVE-2003-0336. A remote attacker can read arbitrary files by sending an email message that contains a carriage return (CR) in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora. This represents a file-read vulnerability via craft...
CVE-2002-2313
The vulnerability CVE-2002-2313 affects Eudora email client 5.1.1 when the “use Microsoft viewer” option is enabled. An HTML email containing a META refresh tag that references an embedded .mhtml file with ActiveX controls can trigger execution of a second embedded program processed by Internet E...
CVE-2004-2005
CVE-2004-2005 describes a buffer overflow in Eudora for Windows versions 5.2.1, 6.0.3, and 6.1. An attacker could trigger remote arbitrary code execution by sending an email containing (1) a link to a long URL to the C drive or (2) a long attachment name. The provided documents do not specify a p...
CVE-2002-0833
CVE-2002-0833 concerns a buffer overflow in Eudora for Windows (notably versions 5.1.1 and 5.0-J) triggered by processing a malicious MIME multipart message with an excessively long boundary string. The vulnerability resides in the multipart boundary handling, allowing remote attackers to potenti...
CVE-2003-0302
The CVE-2003-0302 entry concerns the IMAP Client for Eudora 5.2.1. The underlying issue is integer signedness/overflow errors triggered by certain large literal size values from a remote IMAP server, enabling a denial of service and potentially arbitrary code execution. Public documentation confi...