Full Disclosure mailing list archives

RE: Eudora 6.0 attachment spoof, exploit

From: "Chris DeVoney" <cdevoney () u washington edu>
Date: Mon, 15 Sep 2003 15:10:02 -0700

I know it's only one instance of a message sent to a couple newgroups that
is getting endless echos, but this is getting *REAL* monotonous.

cdv

------------------------
Chris DeVoney
Clinical Research Center Informatics
University of Washington
------------------------

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Paul Szabo
Sent: Friday, September 12, 2003 10:20 PM
To: beckley () qualcomm com; bugtraq () securityfocus com; 
full-disclosure () lists netsys com
Subject: [Full-disclosure] Eudora 6.0 attachment spoof, exploit

Eudora 6.0 was released recently; I tested the Windows 
version only. It still contains several vulnerabilities, the 
most serious being an execute-any-code bug. It is distressing 
that the "spoof and steal" bug was pointed out years ago; the 
execute-any-code bug in 5.2.1 was sent to Qualcomm on 29 May 2003.

Cheers,

Paul Szabo - psz () maths usyd edu au  
http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   
2006  Australia

<snip>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Eudora 6.0 attachment spoof, exploit Paul Szabo (Sep 12)
- RE: Eudora 6.0 attachment spoof, exploit Chris DeVoney (Sep 15)