High-Risk Flaws Patched in EudoraBy Ryan Naraine | Posted 2005-02-03 Email Print
Multiple vulnerabilities in the venerable e-mail client put users at risk of PC hijacking.Qualcomm has pushed out an update for its Eudora e-mail client to fix multiple security flaws that put users at risk of computer hijacking.
The San Diego-based Qualcomm Inc., which offers a free version of the client alongside premium versions, said the new Eudora 6.2.1 corrects several vulnerabilities reported by research firm NGSS (Next Generation Security Software Ltd.)
Secunia has slapped a "highly critical" rating on the flaws and is urging users to upgrade immediately.
NGSS researcher John Heasman described the flaws as "high risk" in the Windows version of Eudora and warned that a malicious attacker could execute arbitrary code if a user previews or opens a specially crafted e-mail.
The vulnerabilities also could be exploited if users open specially crafted stationery or mailbox files, Heasman added.
NGSS said it would withhold technical details of the vulnerabilities until May 2 to allow a three-month window for affected users to apply the patch.
The Eudora mail client, which is available for Windows, Mac and Palm users, was the dominant e-mail program for years before being bypassed by Microsoft Corp.'s Outlook. In the early days of the Internet, Eudora was often bundled with ISP startup packages and new computers.
The program was created by Steve Dorner at the University of Illinois before Qualcomm acquired the license and created a market around Eudora.
Qualcomm has added several enhancements to Eudora in recent times, including a new feature called SpamWatch to allow for the filtering of unsolicited e-mails.
The program also includes plug-ins that tie into spam scoring services that IT departments or ISPs are already running.