Vulnerability Development mailing list archives
Eudora incoming email affects behavior
From: kluegel () LANL GOV (Thomas Kluegel)
Date: Fri, 18 Feb 2000 02:34:32 -0000
When a person downloads and uses the newly released adware Eudora 4.3, Qualcomm eventually sends out an email entitled: "Eudora Profile Information for youraddress () domain com". When Eudora receives this email it recognizes it as special and loads personal profile information. This seems very questionable, to distribute a client that can respond to special message emails sent to it. One wonders, what else can it do? Whatever Qualcomm can make it do via email, surely a forged email sent by anybody could do the same. Also, we have to take their word that arbitrary code execution isn't a part of the new Eudora's design. Am I off in the weeds with my concern on this? -- Tom Kluegel
Current thread:
- Re: WINS attack?, (continued)
- Re: WINS attack? John Hall (Feb 11)
- IE Java Nicolas Rachinsky (Feb 12)
- Unreal Webserver Adam Boileau (Feb 13)
- Re: Unreal Webserver Arturo (Feb 14)
- vulnerability database Ben Valenti (Feb 16)
- Re: vulnerability database H D Moore (Feb 17)
- Re: vulnerability database Yiorgos Adamopoulos (Feb 17)
- Re: vulnerability database Iván Arce (Feb 17)
- Re: vulnerability database Dragos Ruiu (Feb 17)
- Re: vulnerability database Jay D. Dyson (Feb 17)
- Eudora incoming email affects behavior Thomas Kluegel (Feb 17)
- Re: Eudora incoming email affects behavior Jay D. Dyson (Feb 18)
- Re: Eudora incoming email affects behavior Bluefish (Feb 29)