News

Eudora plagued by massive security hole

E-mail program Eudora contains an "easily exploitable" hole that allows remote system access.

According to security experts Secunia and the person who discovered the hole, Paul Szabo, the hole can be exploited with no more than a malicious e-mail containing an overly long link (more than 300 bytes).

It affects the most recent versions of Eudora, including the 6.1 update, released only last week. Szabo said the hole "seems fixed in 6.0.1 and 6.0.3, but is unfixed [exploitable again] in 6.1".

However, Secunia reported that 6.0.3 remains vulnerable, and 5.2.1 and older versions may be wide open too.

Both Szabo and Secunia advised users not to use Eudora, and warned there are also other highly critical vulnerabilities in the software, including the fact that attachments can be spoofed and are also pre-extracted, making the spread of worms and viruses far more likely.

"If you still insist on using Eudora, you must disable both Allow executables in HTML content and Use Microsoft's viewer in Tools > Options > Viewing Mail," said Szabo. "You may also want to disable automatically download HTML graphics in Display."

Eudora was an early leader in the e-mail program market, and now occupies 5% the market.

Kieren McCarthy writes for Techworld.com


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy