24 Aug 1998
A flaw in Eudora, the most widely used e-mail program, makes it possible to booby trap an e-mail message by inserting a seemingly harmless link to an internet location that would, in fact, execute code that erases files or spreads viruses.
The program's manufacturer, Qualcomm, said the buffer overflow vulnerability affects only Eudora Pro E-mail 4.0 for Windows and Eudora Pro E-mail 4.0.1 for Windows. The company advised those of its 18 million customers who use the affected programs to disable the Microsoft viewer and apply a patch, which it has posted on its website.
The security notice stated: "This risk involves the ability for users to include hostile Java applets or scripts in an e-mail message. The offending code has the potential to allow a person to attach to an e-mail an executable program while 'hiding' the name of the attachment as a URL in the message."
The flaw exploits Eudora's ability to read messages as if they were web pages, letting its users embed active HTML links and live JavaScript applications within e-mail.
Have your say on this article
Newsletters
Latest stories from Networks
Latest videos
You may also like
Networks jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
