| Vulnerability Name: | CVE-2001-1326 (CCN-6635) | ||||||||
| Assigned: | 2001-05-29 | ||||||||
| Published: | 2001-05-29 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon May 28 2001 - 21:48:42 CDT feeble.hey!dora.exploit part.II Source: MITRE Type: CNA CVE-2001-1326 Source: CCN Type: OSVDB ID: 8344 Eudora Attachment Arbitrary Code Execution Source: BUGTRAQ Type: Vendor Advisory 20010528 feeble.hey!dora.exploit part.II Source: BID Type: Exploit, Patch, Vendor Advisory 2796 Source: CCN Type: BID-2796 Qualcomm Eudora Hidden Attachment Execution Vulnerability Source: XF Type: UNKNOWN eudora-msviewer-execute-attachment(6635) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||