Vulnerability Description
Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Eudora | 5.1 |
References
- http://marc.info/?l=bugtraq&m=101680576827641&w=2
- http://marc.info/?l=ntbugtraq&m=101680201823534&w=2
- http://security.greymagic.com/adv/gm002-ie/ExploitVendor Advisory
- http://www.securityfocus.com/bid/4343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8609
- http://marc.info/?l=bugtraq&m=101680576827641&w=2
- http://marc.info/?l=ntbugtraq&m=101680201823534&w=2
- http://security.greymagic.com/adv/gm002-ie/ExploitVendor Advisory
- http://www.securityfocus.com/bid/4343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8609
FAQ
What is CVE-2002-1770?
CVE-2002-1770 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing ...
How severe is CVE-2002-1770?
CVE-2002-1770 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1770?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Eudora.