SMTP: Eudora Long URL Overflow
This signature detects e-mail messages that include long, clickable URLs. Eudora 6.1 and earlier versions are vulnerable. Attackers can include a long, clickable URL in an e-mail message sent to a Eudora e-mail client to crash the service and execute arbitrary code.
Extended Description
Qualcomm Eudora is reported to be prone to a remotely exploitable buffer overrun vulnerability. The issue is exposed when an excessively long hyperlink to a file resource is embedded in an HTML e-mail. This may permit remote attackers to execute arbitrary code via malicious e-mail in the context of the client user. This issue was reported in Eudora on Windows platforms. Eudora for Apple Mac operating systems may be similarly affected, though this has not been confirmed.
Affected Products
Qualcomm eudora
Short Name
SMTP:EMAIL:EUDORA-LONG-MSG-URL
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CVE-2004-2005 Eudora Long Overflow URL bid:10298
Release Date
05/12/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Qualcomm
CVSS Score
5.1