Vulnerability Description
Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Eudora | 5.1.1 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000644.html
- http://www.iss.net/security_center/static/9654.php
- http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000644.html
- http://www.iss.net/security_center/static/9654.php
FAQ
What is CVE-2002-2313?
CVE-2002-2313 is a vulnerability with a CVSS score of 8.8 (HIGH). Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedde...
How severe is CVE-2002-2313?
CVE-2002-2313 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2313?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Eudora.