Bugtraq mailing list archives

RE: MSIE vulnerability exploitable with IncrediMail


From: Joachim Thuau <JThuau () thq com>
Date: Mon, 18 Mar 2002 16:00:08 -0800

There is an option under Tools/Options/Attachments which allows a user to
specify the directory for an attachment.

check
http://www.eudora.com/download/eudora/windows/5.1/full_elec/Manual51.pdf

page 229 - 230

--8<--[quote]--8<--
Attachment directory - This specifies what directory will receive incoming
attachments. To specify a folder, single-click the folder name button. A
dialog box appears prompting you to select a folder. The default folder is
the Attach sub-folder of your Eudora Pro folder.
--8<--[quote]--8<--

I believe this option was already in place in 3.x, 4.x and 5.x,
as well as an option to set the "delete attachment when emptying trash"
(which might not work, from what you are saying).

My $.02

-----Original Message-----
From: RT [mailto:roelof () sensepost com]
Sent: Friday, March 15, 2002 4:59 PM
To: Thor Larholm
Cc: 'Eric Detoisien'; bugtraq () securityfocus com
Subject: RE: MSIE vulnerability exploitable with IncrediMail


Immm...

Eudora Mail .. automatically saves attachments in <drive>:\program
files\qualcomm\eudora\attachments .. right?

The (very old) version (4.1) that I have sure does that. And even if you
delete the email itself (after opening), or right-click on the file and
select delete - the file stays.

So, you just need to get the file in there and have the user visit a
corrupted web .. and hey.. presto!

Just my 2c on this,
Roelof.

On Fri, 15 Mar 2002, Thor Larholm wrote:

+Isn't {42D00B20-479C-11d4-9706-00105A40931C} a GUID for your user account,
+and as such unknown from time to time, making the proposed exploit
+unfeasible?
+
+
+Regards
+Thor Larholm
+Jubii A/S - Internet Programmer
+
+

------------------------------------------------------
Roelof W Temmingh               SensePost IT security
roelof () sensepost com            +27 83 448 6996
http://www.sensepost.com        http://www.hackrack.com

