Security hole in Eudora
A researcher has discovered a security hole in Qualcomm Inc.’s (qcom) Eudora e-mail program that could allow a hacker to run code on a user’s machine.
The exploit requires that a user open an e-mail file and click on a link in the message, said Bennett Haselton, a Webmaster for Peacefire.org who reported the flaw.
When the user clicks the link, the code is executed. The trick, is to mask the warning that Eudora normally displays when a user tries to run an executable file that is sent as an attachment.
The hacker would send the user two attachments, the executable file and a hyperlink that points to the other attachment. If the user clicks on that, the executable code will run without displaying the warnings.
Users can fix the problem by editing their Eudora program to add a warning for links. Qualcomm also plans to add the warning in future versions of the software.
Uncategorized