On Fri, 7 Aug 1998, Stout, Bill wrote: > Eudora Pro 4.0 and 4.0.1 will execute Java from a URL. > > "The Eudora flaw came to light just a little more than a week after > security researchers announced a similar problem in versions of > Microsoft's Outlook and Outlook Express e-mail programs and in > Netscape's Mail program. The Eudora vulnerability was brought to light > earlier this week by Richard M. Smith, president of Phar Lap Software, a > Cambridge, Mass.-based maker of operating system software and products > for Microsoft's MS-DOS, the operating system that predated Windows." > http://www.mercurycenter.com/premium/business/docs/internet07.htm > > "You may have read recently that there is potential for unauthorized > programs to be run on your system through the use of hostile Java > scripts and/or applets. This problem affects users of Eudora Pro Email > 4.0 and 4.0.1, as well as Eudora Pro CommCenter 4.0 and 4.0.1. Note that > Eudora Light users and users of previous versions of Eudora Pro are not > susceptible to these Java attacks..." > http://eudora.qualcomm.com/security.html > > Bill Stout Actually there were rumbles about this on bugtraq as far back as February. I remember because it prompted me to add active-HTML tag mangling to my procmail filter set. BTW, just in case you haven't heard yet, <PLUG TYPE="shameless"> Drop by http://www.wolfenet.com/~jhardin/procmail-security.html </PLUG> Comments solicited. -- John Hardin KA7OHZ jhardinat_private pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76 ----------------------------------------------------------------------- Your mouse has moved. Windows NT must be restarted for the change to take effect. Reboot now? [ OK ] ----------------------------------------------------------------------- 79 days until Daylight Savings Time ends
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:48 PDT