Signature Detail

Short Name	SMTP:EMAIL:EUDORA-LONG-MSG-URL
Severity	Medium
Recommended	No
Category	SMTP
Keywords	Eudora Long URL Overflow
Release Date	2004/05/12
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SMTP: Eudora Long URL Overflow

This signature detects e-mail messages that include long, clickable URLs. Eudora 6.1 and earlier versions are vulnerable. Attackers can include a long, clickable URL in an e-mail message sent to a Eudora e-mail client to crash the service and execute arbitrary code.

Extended Description

Qualcomm Eudora is reported to be prone to a remotely exploitable buffer overrun vulnerability. The issue is exposed when an excessively long hyperlink to a file resource is embedded in an HTML e-mail. This may permit remote attackers to execute arbitrary code via malicious e-mail in the context of the client user. This issue was reported in Eudora on Windows platforms. Eudora for Apple Mac operating systems may be similarly affected, though this has not been confirmed.

Affected Products

Qualcomm Eudora 5.2.1
Qualcomm Eudora 6.0.0
Qualcomm Eudora 6.0.1
Qualcomm Eudora 6.0.3
Qualcomm Eudora 6.1.0

References

BugTraq: 10298
CVE: CVE-2004-2005
URL: http://marc.theaimsgroup.com/?l=bugtraq&m=108395487628044&w=2
URL: http://www.eudora.com/download/eudora/windows/6.1.1/RelNotes.txt

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

SMTP: Eudora Long URL Overflow

Extended Description

Affected Products

References