[ISN] Eudora Pro Security Alert

From: mea culpa <jericho_at_dimensional.com> Date: Fri 07 Aug 1998 - 18:26:07 CDT

Forwarded From: Dale Drew <ddrew@mci.net>

From:
http://eudora.qualcomm.com/security.html

			Eudora Pro Security Alert 

You may have read recently that there is potential for unauthorized 
programs to be run on your system through the use of hostile Java 
scripts and/or applets. This problem affects users of Eudora Pro 
Email 4.0 and 4.0.1, as well as Eudora Pro CommCenter 4.0 and 
4.0.1. Note that Eudora Light users and users of previous versions 
of Eudora Pro are not susceptible to these Java attacks. 

QUALCOMM became aware of this problem yesterday and is pleased to 
offer the following fixes so you will be safe from these types of 
attacks. 

  Download the current Eudora Pro Email version 4.1 Beta software. 
  This version has the safeguards against Java attacks. This upgrade 
  will be available for free to existing Eudora Pro 4.0 users once it 
  is released. http://eudora.qualcomm.com/betas/epro41.html

  If the above is not an option, you can protect yourself by turning 
  off the Microsoft viewer from within Eudora. To do this, follow 
  these steps: 

        1.In Eudora, go to the Tools menu and choose "Options". 
        2.On the left hand side of the options window, select 
           "Viewing Mail" 
        3.On the right hand side of the options window, make sure 
            the box next to "Use Microsoft's viewer" is UNCHECKED. 
        4.Click on "OK" on the bottom of the window. 

           Eudora Pro Email, Eudora Pro CommCenter and Eudora Light 
           are not susceptible to buffer overflow security problem

QUALCOMM rigorously tested its line of Eudora email software after becoming 
aware of the buffer overflow security problems recently found in Microsoft 
and Netscape email programs. QUALCOMM is pleased to announce that its Eudora 
email products are not susceptible to the types of attacks that can harm the 
computers of users of these other products. 

QUALCOMM tested Eudora Pro and Eudora CommCenter versions 4.0, as well as
Eudora Pro and Eudora Light versions 3.0 on both the Windows and Macintosh
platforms. In all cases, Eudora does not allow any unauthorized programs to be
automatically executed on a user's system. 

                 "Success through teamwork"
===============================================================
Dale Drew                                MCI Telecommunications
Sr. Manager                                internetMCI Security
                                                    Engineering
Voice:  703/715-7058                    Internet: ddrew@mci.net
Fax:    703/715-7066                MCIMAIL: Dale_Drew/644-3335

-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]