CVE-2001-0365 - Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer

CVE-2001-0365

Summary

Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags.

References

http://marc.info/?l=bugtraq&m=98503741910995&w=2
http://www.securityfocus.com/bid/2490
https://exchange.xforce.ibmcloud.com/vulnerabilities/6262

Vulnerable Configurations

cpe:2.3:a:qualcomm:eudora:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:qualcomm:eudora:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:qualcomm:eudora:*:*:*:*:*:*:*:*
cpe:2.3:a:qualcomm:eudora:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	2490
bugtraq	20010318 feeble.you!dora.exploit
xf	eudora-html-execute-code(6262)

Last major update

10-10-2017 - 01:29

Published

27-06-2001 - 04:00

Last modified

10-10-2017 - 01:29