
Paul Dreik

#45844 of 53,779
5.5 CVSS total
Vulnerabilities · 1
PT-2019-15699
5.5
2019-11-11
Tnef · Tnef · CVE-2019-18849
**Name of the Vulnerable Software and Affected Versions** tnef versions prior to 1.4.18

**Description** The issue allows an attacker to potentially write to the victim's `.ssh/authorized_keys` file via a crafted winmail.dat application/ms-tnef attachment in an email message. This is due to a heap-based buffer over-read involving the `strdup` function.

**Recommendations** For versions prior to 1.4.18, update to version 1.4.18 or later to resolve the issue. As a temporary workaround, consider restricting the handling of winmail.dat attachments to minimize the risk of exploitation.