14 DAY TRIAL // Security firm Secunia first made users aware of the high-risk vulnerabilities in the Windows version of the Eudora mail client, version 6.2.0 and below.
Hackers can run malicious programs by opening specially crafted stationary or mailbox files. Next Generation Security Software aid that it was going to withhold details of Eudora's flaws for three months in a bid to prevent hackers exploiting them. The default for the program is to have e-mails automatically previewed so a spammer might send e-mail deliberately targeting that flaw.
John Heasman, an NGSS representative warned that the flaws permit hackers to execute arbitrary code on victims' PCs via previewing or opening a specially crafted e-mail. Hackers can also run malicious programs by opening specially crafted stationary or mailbox files.
Qualcomm has put out an update for Eudora to fix these multiple security flaws ans Secunia is advising all users to apply the patch immediately. The company has downplayed the severity of the flaws, it said that the vulnerability would crash Eudora, but it did not mention the possibility of remote code execution.
Some older versions of Eudora still have a few un-patched vulnerabilities that could cause issues like denial of service, so it is advisable for all users to upgrade to the latest version which has fewer security problems.