Krystian Kloskowski has discovered some vulnerabilities in Eudora, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when processing SMTP server reply strings can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted SMTP reply string.
Successful exploitation allows execution of arbitrary code when a user sends an email, but requires that the user is tricked into connecting to a malicious SMTP server by editing the application's settings. Also, the user has to click on "Cancel" when presented with the buffer overflow warning message box.
2) A boundary error when processing IMAP FLAGS responses can be exploited to cause a stack based buffer overflow via a specially crafted response containing overly long strings.
Successful exploitation allows execution of arbitrary code, but requires that a user is tricked into connecting to a malicious IMAP server.
The vulnerabilities are confirmed in version 18.104.22.168. Other versions may also be affected.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org