From: CSP-List@sotmesc.org
http://www.cnn.com/TECH/computing/9808/07/eudora.flaw.01.ap/
Security flaw revealed in a third e-mail program
August 7, 1998
Web posted at: 1:41 a.m. EDT (0541 GMT)
SAN DIEGO (AP) -- A major security flaw has been found in Eudora, the most
popular electronic mail program on the Internet, a spokesman for the
software's manufacturer said Thursday.
The discovery was made days after flaws were found in two other widely
used e-mail programs, Microsoft's Outlook and Netscape's e-mail client
that comes with Communicator.
The Eudora security breach could allow someone to maliciously send a file
attachment to an e-mail that could erase files or install a virus, said
Matthew Parks, manager of Qualcomm Inc.'s Eudora product line.
Parks said that has not happened to anyone.
"Essentially what happened is one of our users reported that he was
actually able to find a possible security flaw within e-mail," Parks said.
'Patch' to be released on Web site
San Diego-based Qualcomm plans to release a so-called "patch" on its Web
site Friday that users can download to update their software.
"It will essentially fix the security hole that was found two days ago,"
he said.
The flaw affects the Windows 95 versions of Eudora 4.0 and 4.0.1, as well
as 4.1, which is being circulated in test form. It could affect other
Microsoft operating systems, but that had not been verified.
This revelation comes less than a week after researchers in Finland
discovered that a programming error could enable a hacker to crash
Microsoft's Outlook and Outlook Express e-mail programs and the Netscape
program and run a destructive application in their place.
Both companies provided a patch for users to download.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
Received on Sat Aug 8 15:03:07 1998