Vulnerability CVE-2001-0365

Vulnerability Name:

CVE-2001-0365 (CCN-6262)

Assigned:

2001-03-18

Published:

2001-03-18

Updated:

2017-10-10

Summary:

Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Sun Mar 18 2001 - 03:38:46 CST
feeble.you!dora.exploit

Source: CCN
Type: BugTraq Mailing List, Mon Mar 19 2001 - 16:26:06 CST
Re: feeble.you!dora.exploit

Source: CCN
Type: BugTraq Mailing List, Tue Mar 20 2001 - 13:23:48 CST
Re: feeble.you!dora.exploit

Source: CCN
Type: BugTraq Mailing List, Wed Mar 21 2001 - 09:48:28 CST
Re: feeble.you!dora.exploit

Source: MITRE
Type: CNA
CVE-2001-0365

Source: BUGTRAQ
Type: UNKNOWN
20010318 feeble.you!dora.exploit

Source: CCN
Type: Eudora Web site
Eudora Download

Source: CCN
Type: OSVDB ID: 14801
Eudora Multiple Option IE Launch Code Execution

Source: BID
Type: Exploit, Patch, Vendor Advisory
2490

Source: CCN
Type: BID-2490
Qualcomm Eudora Use Microsoft Viewer Code Execution Vulnerability

Source: XF
Type: UNKNOWN
eudora-html-execute-code(6262)

Source: XF
Type: UNKNOWN
eudora-html-execute-code(6262)

Vulnerable Configuration:

Configuration 1:

cpe:/a:qualcomm:eudora:5.0.2:*:*:*:*:*:*:*

OR cpe:/a:qualcomm:eudora:*:*:*:*:*:*:*:* (Version <= 5.1)

Configuration CCN 1:

cpe:/a:qualcomm:eudora:5.0.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK