CVE-2001-1326 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Qualcomm	Eudora	5.1

References

http://www.securityfocus.com/archive/1/187128Vendor Advisory
http://www.securityfocus.com/bid/2796ExploitPatchVendor Advisory
http://www.securityfocus.com/archive/1/187128Vendor Advisory
http://www.securityfocus.com/bid/2796ExploitPatchVendor Advisory

FAQ

What is CVE-2001-1326?

CVE-2001-1326 is a vulnerability with a CVSS score of 7.5 (HIGH). Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a ...

How severe is CVE-2001-1326?

CVE-2001-1326 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2001-1326?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Eudora.