VULHUB ™

Eudora improperly handles filenames of files attached in e-mails. An exceedingly long filename can result in a buffer overflow condition when the program processes the attachment and tries to save the temporary file. In Eudora e-mail is processed while downloading mail from the server so buffer overflow occurs when the message is processed from the spool directory. This can even lock the e-mail account of the Eudora user. Attacker-supplied data makes it into EIP, so execution of arbitrary remote code is a possiblity. Deleting the offending file from the attachment directory under a DOS prompt reportedly allows Eudora to regain functionality.

Eudora improperly handles filenames of files attached in e-mails. An exceedingly long filename can result in a buffer overflow condition when the program processes the attachment and tries to save the temporary file. In Eudora e-mail is processed while downloading mail from the server so buffer overflow occurs when the message is processed from the spool directory. This can even lock the e-mail account of the Eudora user. Attacker-supplied data makes it into EIP, so execution of arbitrary remote code is a possiblity. Deleting the offending file from the attachment directory under a DOS prompt reportedly allows Eudora to regain functionality.