mailing list archives
Re: Exploit using Eudora and the Guninski hole
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 21 Sep 2000 04:53:28 +1200
SIMARD SECURITY ADVISORY 20000919.1
by Louis-Eric Simard, Security Consultant (Louis-Eric () Simard com)
Windows 2000 [5.00.2195] running Eudora 4.3.2. Later versions of Eudora
have not been tested.
...but most older ones (going *way* back to erly Win16
implementations) are also vulnerable.
A malicious intruder can easily take control of a Windows environment by
simply sending one or more e-mails containing attachments conforming to
the description set in the Georgi Guninski security advisory #21 if the
receiver is using Eudora as a mail client.
Eudora saves all attachments in a single directory upon receiving the
mail; a mail message need not be open for its attachment to be decoded
and saved in that common directory. An intruder need only send an e-mail
with a trojaned DLL as described in the Guninski advisory, along with
or followed by an e-mail containing a Word document.
Always hated that option. I couldn't see why anyone with a hint of a
clue about security would like it. Was dumb-founded it was ever made
The advisory would have been better had you mentioned that although
this is the *default* behaviour of Eudora, it is configurable and can
be easily disabled. There have been other exploits based on the
utter predicability of this behaviour -- anyone still running Eudora
with this option enabled needs their head read.