Eudora 4.2/4.3 Warning Message Circumvention Vulnerability

Inserting the tag
<a &nbsp;href="file:///c:/eudora/attach/file.lnk"\>http&nbsp;://</&nbsp;a>
in an email message will display as:
in a Eudora email client.

Therefore, when a user clicks on this link, it will automatically open up the executable file without warning.

Bennett Haselton <> has set up the following demonstration page:


Privacy Statement
Copyright 2010, SecurityFocus