Paul Szabo, a computer systems officer at the University of Sydney, reported the flaws in versions 6.1, 6.0.3 and 5.2.1 of Eudora and warned that Windows users were at risk of complete system takeover.
According to Szabo’s advisory, the vulnerability is due to a boundary error within the URL-handling functionality. A malicious hacker could exploit the hole with an e-mail containing a specially crafted link.
“Attachments may be spoofed, even in the latest 6.1 version. Be careful about forwarding messages with attachments, as sensitive/private documents may be sent silently. Be careful about clicking on attachments,” said Szabo, who publishes the Secure Your PC Web site.
See the complete story on internetnews.com.