CVE-2000-0342
Published: 2000-04-28
Priority P427 · high · 7.5 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EXPLOIT
EPSS: 3.45% (87.5th percentile)
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualcomm | eudora | — | — |
CVSS provenance
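| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |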
No detection rules found.
Exploit-DB
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (1)
exploitdb·2003-11-25
CVE-2000-0342 Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (1)
---
source: https://www.securityfocus.com/bid/9101/info
A problem has been identified in the implementation of LaunchProtect within Eudora. Because of this, it may be possible to trick users into performing dangerous actions.
** May 21, 2004 - Eudora version 6.1.1 has been released; however, it is reported that the new version is vulnerable to this issue as well.
```perl
#!/usr/bin/perl --
use MIME::Base64;
print "From: me\n";
print "To: you\n";
print "Subject: Eudora 6.0.1 on Windows spoof, LaunchProtect\n";
print "\n";
print "Pipe the output of this script into: sendmail -i victim\n";
print "
Eudora 6.0.1 LaunchProtect handles the X-X.exe dichotomy in the attach
directory only, and allows spoofed attachments poin
```
Exploit-DB
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (2)
exploitdb·2003-11-25
CVE-2000-0342 Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (2)
---
source: https://www.securityfocus.com/bid/9101/info
A problem has been identified in the implementation of LaunchProtect within Eudora. Because of this, it may be possible to trick users into performing dangerous actions.
** May 21, 2004 - Eudora version 6.1.1 has been released; however, it is reported that the new version is vulnerable to this issue as well.
```perl
#!/usr/bin/perl --
use MIME::Base64;
print "From: me\n";
print "To: you\n";
print "Subject: Eudora 6.1.1 on Windows spoof, LaunchProtect\n";
print "MIME-Version: 1.0\n";
print "Content-Type: multipart/mixed; boundary=\"zzz\"\n";
print "X-Use: Pipe the output of this script into: sendmail -i victim\n\n";
print "This is a multi-part message in MIME for
```
Exploit-DB
Qualcomm Eudora 5.2.1/6.0 - File Attachment Spoofing Variant
exploitdb·2003-05-22
CVE-2000-0342 Qualcomm Eudora 5.2.1/6.0 - File Attachment Spoofing Variant
---
source: https://www.securityfocus.com/bid/7653/info
Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content.
It is possible to refer to other files or attachments in a message through specially formatted inline text.
If the CR (carriage return) character (0x0D, Ctrl-M) is embedded anywhere in the 'Attachment Converted' string, it is possible to execute message attachments without further user interaction.
```perl
#!/usr/bin/perl --
use MIME::Base64;
print "From: me\n";
print "To: you\n";
print "Subject: Eudora 6.0 on Windows exploit\n";
print "MIME-Version: 1.0\n";
print
```
Exploit-DB
Qualcomm Eudora 4.2/4.3 - Warning Message Circumvention
exploitdb·2000-04-28
CVE-2003-0336 Qualcomm Eudora 4.2/4.3 - Warning Message Circumvention
---
source: https://www.securityfocus.com/bid/1157/info
A malicious email sender can circumvent warning messages that would normally display when a user attempts to view executable attachments in Eudora 4.2/4.3. Eudora does not prompt a user with the warning message if they are attempting to open a file that is not .exe, .com, or .bat.
Inserting the tag
http ://www.example.com
in an email message will display as:
http ://www.example.com
in a Eudora email client.
Therefore, when a user clicks on this link, it will automatically open up the executable file without warning.
No writeups or analysis indexed.
CWE
Product UI does not Warn User of Unsafe Actions
mitre_cwe·CVSS 4.6
[MEDIUM] CWE-356 Product UI does not Warn User of Unsafe Actions
The product's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system.
Product systems should warn users that a potentially dangerous action may occur if the user proceeds. For example, if the user downloads a file from an unknown source and attempts to execute the file on their machine, then the application's GUI can indicate that the file is unsafe.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Common Consequences:
Scope: Non-Repudiation. Impact: Hide Activities.
Observed Examples:
CVE-1999-1055: Product does not warn user when document contains certain dangerous funct
CWE
Windows Shortcut Following (.LNK)
mitre_cwe·CVSS 7.5
[HIGH] CWE-64 Windows Shortcut Following (.LNK)
The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Modes of Introduction:
Phase: Operation
Common Consequences:
Scope: Confidentiality, Integrity. Impact: Read Files or Directories, Modify Files or Directories. The shortcut (file with the .lnk extension) can permit an attacker to read/write a file that they originally did not have permissions to access.
Potential Mitigations:
[Architecture and Design] Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent a
CWE
Improper Link Resolution Before File Access ('Link Following')
mitre_cwe
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Background: Soft links are a UNIX term that is synonymous with simple shortcuts on Windows-based platforms.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Confidentiality, Integrity, Access Control. Impact: Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism. An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpe
http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
http://www.peacefire.org/security/stealthattach/explanation.html
http://www.securityfocus.com/bid/1157