mailing list archives
Exploit using Eudora and the Guninski hole
From: Louis-Eric Simard <Louis-Eric () SIMARD COM>
Date: Tue, 19 Sep 2000 15:47:03 -0400
SIMARD SECURITY ADVISORY 20000919.1
by Louis-Eric Simard, Security Consultant (Louis-Eric () Simard com)
September 19th 2000
Windows 2000 [5.00.2195] running Eudora 4.3.2. Later versions of Eudora
have not been tested.
A malicious intruder can easily take control of a Windows environment by
simply sending one or more e-mails containing attachments conforming to
the description set in the Georgi Guninski security advisory #21 if the
receiver is using Eudora as a mail client.
Eudora saves all attachments in a single directory upon receiving the
mail; a mail message need not be open for its attachment to be decoded
and saved in that common directory. An intruder need only send an e-mail
with a trojaned DLL as described in the Guninski advisory, along with
or followed by an e-mail containing a Word document.
A dummy RICHED20.DLL file is attached here. To test the security hole,
simply mail this file along with the supplied (or any) Word file, then
click on the Word file. After a few seconds, a message box titled
"Gotcha" will appear, indicating "Fake RICHED20.DLL loaded."
Gergi Guninski for pointing out this issue in the first place.
Please send suggestions, updates and comments to Louis-Eric () Simard com
Louis-Eric Simard and The Freedom Factory, Inc. are not responsible for
the misuse of any of the information they provide through their security
advisories. Our advisories are a service to the information security
community intended to promote safe computing practices and warn users of
possible security breaches. The information within this document may
change without notice. Use of this information constitutes acceptance for
use in an AS IS condition. There are NO warranties with regard to this
information. In no event shall the author(s) be liable for any consequences
whatsoever arising out of or in connection with the use or spread of
this information. Any use of this information lays within the user's
This advisory and acocmpanying document(s), if any, are the property of
The Freedom Factory, Inc. All rights reserved.
- Exploit using Eudora and the Guninski hole Louis-Eric Simard (Sep 19)