Eudora Flaws Patched

By | February 4, 2005

An update which patches several Highly Critical vulnerabilities in the Eudora Email client has been pushed out by Qualcomm. The issues make users vulnerable to several forms of computer hijacking.

Research firm Next Generation Security Software (NGSS) reported the vulnerabilities to Qualcomm. Secunia has slapped a “highly critical” rating on the flaws and is urging users to upgrade immediately.

According to NGSS research John Heasman, the flaws are a “high risk” in the Windows version of Eudora. He warns that a malicious attacker could execute any code he wanted if a user previews or opens a special type of email.

NGSS is being responsible by not releasing the public details of the issue for 3 months – in order to allow users to patch their systems.

Eudora is a popular email client, available for Windows, Mac and PalmOS and was the dominant mail program for several years, before being outpaced by Microsoft’s Outlook.

The program was created by University of Illinois student Steve Dorner and was then acquired by Qualcomm and marketed as Eudora through ISP’s.

Qualcomm has added several enhancements to Eudora in recent times, including a new feature called SpamWatch to allow for the filtering of unsolicited e-mails.

The program also includes plug-ins that tie into spam scoring services that IT departments or ISPs are already running.

Leave a Reply