VULHUB ™

Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content. It is possible to refer to other files or attachments in a message through specially formatted inline text. If the CR (carriage return) character (0x0D, Ctrl-M) is embedded anywhere in the 'Attachment Converted' string, it is possible to execute message attachments without further user interaction. It is likely that this vulnerability is related to the issue described in BID 5432.

Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content. It is possible to refer to other files or attachments in a message through specially formatted inline text. If the CR (carriage return) character (0x0D, Ctrl-M) is embedded anywhere in the 'Attachment Converted' string, it is possible to execute message attachments without further user interaction. It is likely that this vulnerability is related to the issue described in BID 5432.