SMTP: Eudora URL Spoofing
This signature detects attempts to exploit a vulnerability in the Eudora mail client. By supplying a link containing character entities, an attacker can force Eudora to display a link as something other than what it really is.
Extended Description
It has been reported that the Qualcomm Eudora MTA is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a "^A" control character is located after the user value. The user value may then be appended with space characters to obfuscate status bar and mouseover details. It is said that, when doing a mouseover of such a URI, it will cause the status bar to only display the contents of the user value, not the entire link.
Affected Products
Qualcomm eudora
Short Name
SMTP:EXPLOIT:EUDORA-URL-SPOOF
Severity
Warning
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
Eudora Spoofing URL bid:10305
Release Date
11/17/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Qualcomm
Microsoft