Claris Emailer buffer over flow vulnerabirity

[awacs <awacs () hawkeye ac>]

If already published, already fix it, too much old infomation,
please send trash box :-)

#At least 2.0v2 is not fixed if Apple does't tell a lie.

   ---------------------------------------------------------------------
   Claris Emailer buffer over flow vulnerabirity
   Problem first discoverd:2000.7.26
   Discoverd by: awacs@hawkeye
   Published: 2001.10.19
   ---------------------------------------------------------------------
   Description:
   Claris Emailer is mail client for Macintosh.
   Development is already finished and maybe maintenance is not done.

   This mail client have problem about enveloved file name handling,
   buffer overflow occers when handle long file name.

   When this client recieved mail, this save it in temporary folder,
   and interpret file , do necessary process. Therefore, once evil
   mail recieved, user gets impossible to use software so that a
   similer problem occers again. If user want to use after problem,
   (s)he deletes or revise evil mail on temprary folder.

   If evil person know how to execute evil program on MacOS, (s)he may
   be able to execute arbitary code on victim.

   Tested version :
   Claris Emailer-J 2.0v1
   Not tested other version, so it may be a problem only of Japanese version.

   Solution:
   Change new and more safely mail client.

   Disclimer:
   You will copy, distribute and publish this content,so long as you
   change nothing.
   _________________________________________________________________