[7579] in bugtraq
Re: Eudora executes (Java) URL
daemon@ATHENA.MIT.EDU (John D. Hardin)
Fri Aug 7 22:31:36 1998
Date: Fri, 7 Aug 1998 15:12:02 -0700
Reply-To: "John D. Hardin" <jhardin@WOLFENET.COM>
From: "John D. Hardin" <jhardin@WOLFENET.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <33C5AB9085E1D1119AB90000F89CBC7E016BAC33@PIOUSHQNTMAIL1.PIOS.COM>
On Fri, 7 Aug 1998, Stout, Bill wrote:
> Eudora Pro 4.0 and 4.0.1 will execute Java from a URL.
>
> "The Eudora flaw came to light just a little more than a week after
> security researchers announced a similar problem in versions of
> Microsoft's Outlook and Outlook Express e-mail programs and in
> Netscape's Mail program. The Eudora vulnerability was brought to light
> earlier this week by Richard M. Smith, president of Phar Lap Software, a
> Cambridge, Mass.-based maker of operating system software and products
> for Microsoft's MS-DOS, the operating system that predated Windows."
> http://www.mercurycenter.com/premium/business/docs/internet07.htm
>
> "You may have read recently that there is potential for unauthorized
> programs to be run on your system through the use of hostile Java
> scripts and/or applets. This problem affects users of Eudora Pro Email
> 4.0 and 4.0.1, as well as Eudora Pro CommCenter 4.0 and 4.0.1. Note that
> Eudora Light users and users of previous versions of Eudora Pro are not
> susceptible to these Java attacks..."
> http://eudora.qualcomm.com/security.html
>
> Bill Stout
Actually there were rumbles about this on bugtraq as far back as February.
I remember because it prompted me to add active-HTML tag mangling to my
procmail filter set.
BTW, just in case you haven't heard yet,
<PLUG TYPE="shameless">
Drop by http://www.wolfenet.com/~jhardin/procmail-security.html
</PLUG>
Comments solicited.
--
John Hardin KA7OHZ jhardin@wolfenet.com
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
Your mouse has moved. Windows NT must be restarted for the change
to take effect. Reboot now? [ OK ]
-----------------------------------------------------------------------
79 days until Daylight Savings Time ends
