Vulnerability Description
Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Eudora | <= 5.1 |
References
- http://marc.info/?l=bugtraq&m=98503741910995&w=2
- http://www.securityfocus.com/bid/2490ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6262
- http://marc.info/?l=bugtraq&m=98503741910995&w=2
- http://www.securityfocus.com/bid/2490ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6262
FAQ
What is CVE-2001-0365?
CVE-2001-0365 is a vulnerability with a CVSS score of 7.5 (HIGH). Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing ...
How severe is CVE-2001-0365?
CVE-2001-0365 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0365?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Eudora.