5/18/04: Security Hole Warning in Eudora UPDATE
Qualcomm has fixed the buffer overflow bug in Eudora version 6.1.1 for Windows. Eudora 6.1.1 will be available on the BOL Website at the end of the week:
As a clarification, the security hole is only present on Eudora for Windows. The buffer overflow bug does not seem to be an issue present in Eudora for Macintosh OS 9 or OS X.
If you have any questions, you can reach our telephone consultants at (310)825-7452, option 1, or at consult@ucla.edu.
There has been a recent discovery of a security hole in Eudora 6.1, 6.0.3, 5.2.1 and older versions of Eudora. This hole is said to be "easily exploitable" and allows remote system access with no more than a malicious email containing an overly-long link.
Eudora does not currently have a patch nor have they released any warning about the security hole.
BOL recommends the Mozilla Mail email client, a component of the Mozilla Browser. Mozilla Mail comes with numerous advanced email handling options, includes a "Junk Mail" tool to help identify and filter spam, and works with all BOL Email features. It is available from the URL:
For more information about using the Junk Mail feature, please see:
If you are not able to change email clients or otherwise require Eudora, go to Tools >> Options >> Viewing Mail and disable:
- allow executables in HTML content
- use Microsoft viewer
and go to Tools >> Options >> Display and disable:
- automatically download HTML graphics
For more information about this security hole, please visit:
If you have any questions, you can reach our telephone consultants at (310)825-7452, option 1, or at consult@ucla.edu.