Re: Eudora executes (Java) URL

[jhardin () WOLFENET COM (John D. Hardin)]

On Fri, 7 Aug 1998, Stout, Bill wrote:

> Eudora Pro 4.0 and 4.0.1 will execute Java from a URL.
>
> "The Eudora flaw came to light just a little more than a week after
> security researchers announced a similar problem in versions of
> Microsoft's Outlook and Outlook Express e-mail programs and in
> Netscape's Mail program. The Eudora vulnerability was brought to light
> earlier this week by Richard M. Smith, president of Phar Lap Software, a
> Cambridge, Mass.-based maker of operating system software and products
> for Microsoft's MS-DOS, the operating system that predated Windows."
> http://www.mercurycenter.com/premium/business/docs/internet07.htm
>
> "You may have read recently that there is potential for unauthorized
> programs to be run on your system through the use of hostile Java
> scripts and/or applets. This problem affects users of Eudora Pro Email
> 4.0 and 4.0.1, as well as Eudora Pro CommCenter 4.0 and 4.0.1. Note that
> Eudora Light users and users of previous versions of Eudora Pro are not
> susceptible to these Java attacks..."
> http://eudora.qualcomm.com/security.html
>
> Bill Stout

Actually there were rumbles about this on bugtraq as far back as February.
I remember because it prompted me to add active-HTML tag mangling to my
procmail filter set.

BTW, just in case you haven't heard yet,

<PLUG TYPE="shameless">
Drop by http://www.wolfenet.com/~jhardin/procmail-security.html
</PLUG>

Comments solicited.

--
 John Hardin KA7OHZ                               jhardin () wolfenet com
 pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
  Your mouse has moved. Windows NT must be restarted for the change
  to take effect. Reboot now?  [ OK ]
-----------------------------------------------------------------------
   79 days until Daylight Savings Time ends