Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0342

CWE-597 documents4 sources

Severity

7.5HIGH

EPSS

2.5%

top 14.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Qualcomm Eudora

Timeline

PublishedApr 28

Latest updateApr 30

Description

Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDqualcomm/eudora4.0

🔴Vulnerability Details

GHSA

GHSA-885f-x463-v454: Eudora 4↗2022-04-30

▶

CVEList

CVE-2000-0342: Eudora 4↗2000-07-12

▶

💥Exploits & PoCs

Exploit-DB

Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (1)↗2003-11-25

▶

Exploit-DB

Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (2)↗2003-11-25

▶

Exploit-DB

Qualcomm Eudora 5.2.1/6.0 - File Attachment Spoofing Variant↗2003-05-22

▶

Exploit-DB

Qualcomm Eudora 4.2/4.3 - Warning Message Circumvention↗2000-04-28

▶