Eudora Code Execution Vulnerability

Vulnerability ID: 1106257; Vulnerability type: Unknown
Published: 2001-03-18; Updated: 2005-05-02
CVE ID: CVE-2001-0365; CNNVD-ID: CNNVD-200106-138
Affected platform: Windows; CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/20688
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200106-138
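|Vulnerability details
A vulnerability exists in Eudora versions before 5.1. When the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, a remote attacker can execute arbitrary code via an HTML email containing JavaScript with ActiveX controls and malicious code in IMG tags.
|Exploit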
source: http://www.securityfocus.com/bid/2490/info

Eudora uses Internet Explorer to assist in the viewing of HTML messages if the 'Use Microsoft Viewer' option is enabled. Eudora also has an 'allow executables in HTML content' option, which the documentation recommends be disabled for security reasons. It is possible for an attacker to execute arbitrary code on a remote system even if 'allow executables in HTML content' is disabled, if the 'Use Microsoft Viewer' option is enabled.

http://www.malware.com/you!DORA.txt
|References

Source: XF
Name: eudora-html-execute-code(6262)
Link: http://xforce.iss.net/static/6262.php
Source: BID
Name: 2490
Link: http://www.securityfocus.com/bid/2490
Source: BUGTRAQ
Name: 20010318feeble.you!dora.exploit
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=98503741910995&w=2