Qualcomm Eudora Hidden Attachment Execution Vulnerability

Qualcomm Eudora Hidden Attachment Execution Vulnerability

Eudora is an email program for the Windows platform. Eudora contains a vulnerability which may make it possible for an attacker to excecute arbitrary code on a remote system even if 'allow executables in HTML content' is disabled, if the 'Use Microsoft viewer' option is enabled.

The attack can be carried out if the recipient of a maliciously crafted email 'submits' a form in the message.

This may lead to remote attackers gaining access to victim hosts.

** Eudora 5.1.1 is also stated as being vulnerable to this issue. The problem stems from Eudora not treating files with a '.MHTML' extension with caution.