Title: Eudora Vulnerability
Released by: The Freedom Factory
Date: 19th September 2000




SIMARD SECURITY ADVISORY 20000919.1

by Louis-Eric Simard, Security Consultant (Louis-Eric@Simard.com)





   RELEASE DATE

   September 19th 2000



   TESTED SYSTEMS

   Windows 2000 [5.00.2195] running Eudora 4.3.2. Later versions of Eudora
   have not been tested.



   SYNOPSIS

   A malicious intruder can easily take control of a Windows environment by
   simply sending one or more e-mails containing attachments conforming to
   the description set in the Georgi Guninski security advisory #21 if the
   receiver is using Eudora as a mail client.



   PROBLEM DESCRIPTION

   Eudora saves all attachments in a single directory upon receiving the
   mail; a mail message need not be open for its attachment to be decoded
   and saved in that common directory. An intruder need only send an e-mail
   with a trojaned DLL as described in the Guninski advisory, along with
   or followed by an e-mail containing a Word document.



   DEMONSTRATION

   A dummy RICHED20.DLL file is attached here. To test the security hole,
   simply mail this file along with the supplied (or any) Word file, then
   click on the Word file. After a few seconds, a message box titled
   "Gotcha" will appear, indicating "Fake RICHED20.DLL loaded."
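
   A defensive check for the condition described above, given as an added
   example that is not part of the original advisory: it audits an attachment
   directory for DLL files stored alongside documents. The function names, the
   document extension list and the sample files are assumptions made for this
   example; only the RICHED20.DLL name comes from the advisory.

```python
import os
import tempfile

# Document extensions to watch for (assumed list for this example).
DOC_EXTS = {".doc", ".dot", ".rtf"}
# DLL name taken from the advisory's demonstration.
KNOWN_NAMES = {"riched20.dll"}


def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def audit_attachment_dir(directory):
    """Return one finding per .dll file found in the attachment directory."""
    entries = [e for e in os.scandir(directory) if e.is_file()]
    docs = sorted(e.name for e in entries
                  if os.path.splitext(e.name)[1].lower() in DOC_EXTS)
    findings = []
    for e in sorted(entries, key=lambda x: x.name.lower()):
        if os.path.splitext(e.name)[1].lower() != ".dll":
            continue
        pe = is_pe(e.path)
        findings.append({
            "dll": e.name,
            "is_pe": pe,
            "known_name": e.name.lower() in KNOWN_NAMES,
            "documents_alongside": docs,
            # Highest risk: an executable image sitting next to a document.
            "severity": "high" if docs and pe else "review",
        })
    return findings


def build_sample_dir():
    """Constructed sample: a harmless stand-in for an attachment directory."""
    d = tempfile.mkdtemp(prefix="attach_")
    samples = {
        "RICHED20.DLL": b"MZ" + b"\x00" * 62,  # header stub only, not a real DLL
        "report.doc": b"constructed document",
        "notes.txt": b"plain text",
        "helper.dll": b"not an executable",
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d


if __name__ == "__main__":
    for finding in audit_attachment_dir(build_sample_dir()):
        print(finding)
```

   Point audit_attachment_dir() at the mail client's configured attachment
   directory; any "high" finding means a DLL is sitting where a document
   opened from that directory could pick it up.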



   ACKNOWLEDGEMENTS

   Georgi Guninski for pointing out this issue in the first place.



   COMMENTS

   Please send suggestions, updates and comments to Louis-Eric@Simard.com.



   DISCLAIMER

   Louis-Eric Simard and The Freedom Factory, Inc. are not responsible for
   the misuse of any of the information they provide through their security
   advisories. Our advisories are a service to the information security
   community intended to promote safe computing practices and warn users of
   possible security breaches. The information within this document may
   change without notice. Use of this information constitutes acceptance for
   use in an AS IS condition. There are NO warranties with regard to this
   information. In no event shall the author(s) be liable for any consequences
   whatsoever arising out of or in connection with the use or spread of
   this information. Any use of this information lies within the user's
   responsibility.



   COPYRIGHT

   This advisory and accompanying document(s), if any, are the property of
   The Freedom Factory, Inc. All rights reserved.







