11 lines
No EOL
660 B
Text
11 lines
No EOL
660 B
Text
source: http://www.securityfocus.com/bid/1157/info
|
|
|
|
A malicious email sender can circumvent warning messages that would normally display when a user attempts to view executable attachments in Eudora 4.2/4.3. Eudora does not prompt a user with the warning message if they are attempting to open a file that is neither .exe, .com, or .bat.
|
|
|
|
Inserting the tag
|
|
<a href="file:///c:/eudora/attach/file.lnk"\>http ://www.example.com</ a>
|
|
in an email message will display as:
|
|
http ://www.example.com
|
|
in a Eudora email client.
|
|
|
|
Therefore, when a user clicks on this link, it will automatically open up the executable file without warning. |