Bruin OnLine Homepage

Site Search:

08/17/98: Eudora 4 Security Alert

If you are using a release of Eudora 4 that is lower than version 4.0.2, you should immediately update your client. Eudora 4 releases prior to 4.0.2 contain a security hole that can allow an individual to run arbitrary programs on your local machine.

Beginning with Eudora version 4, Qualcomm incorporated the Microsoft HTML rendering engine to allow Eudora to display HTML inside of email messages. This allows font enhancements as well as active links. It is possible to send a Java applet as an attachment and then carefully craft and embed a link inside of a mail message that refers to that applet. By clicking on that link, the HTML rendering engine will load the applet and run it with full local privileges. The applet then has full privileges on your local machine.

If you are using Eudora 4 lower than release 4.0.2, and you receive an email message with an active link inside, we suggest that you do not click on that link.

For more information and to download version 4.0.2, visit Qualcomm's Security Alert web pages.

Note: this bug does not affect Eudora 4.0 versions on the Macintosh.

Mon Aug 17 12:03:22 PDT 1998, cbs

	08/07/2008: UCLA Logon Holders Targeted
	07/29/2008: News and Sophos Update Server Maintenance on 8/1/08
	07/29/2008: Wireless Network Maintenance on 7/31/08
	07/23/2008: Sophos Update Server Maintenance on 7/24/08
	07/17/2008: Wireless Network Maintenance on 7/21/08
	News archive

BOL News

BOL Webmail

08/17/98: Eudora 4 Security Alert