[19718] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: feeble.you!dora.exploit

daemon@ATHENA.MIT.EDU (Jeff Beckley)
Tue Mar 20 12:17:46 2001

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-ID:  <5.1.0.10.0.20010319141552.071c8a50@adept.qualcomm.com>
Date:         Mon, 19 Mar 2001 14:26:06 -0800
Reply-To: Jeff Beckley <beckley@QUALCOMM.COM>
From: Jeff Beckley <beckley@QUALCOMM.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <23123356.984908332840.JavaMail.imail@slippery>

At 01:38 AM 3/18/2001 -0800, http-equiv@excite.com wrote:
>Silent delivery and installation of an executable on a target computer. No
>client input other than opening an email using Eudora 5.02 - Sponsored Mode
>provided 'use Microsoft viewer' and 'allow executables in HTML content' are
>enabled.

The "Allow executables in HTML content" setting is turned off by
default.  The online help and user manual mention that the setting should
remain off for security reasons.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[19718] in bugtraq

Re: feeble.you!dora.exploit

daemon@ATHENA.MIT.EDU (Jeff Beckley)Tue Mar 20 12:17:46 2001

daemon@ATHENA.MIT.EDU (Jeff Beckley)
Tue Mar 20 12:17:46 2001