[原文]Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user.
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .
Qualcomm Eudora contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker emails a message with a plaintext attachment containing the full path of a desired file on the victim's system. The file is sent to the attacker when the message is forwarded, resulting in a loss of confidentiality.
Upgrade to version 5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.