CVE-2002-2313

Name of the Vulnerable Software and Affected Versions: Eudora email client version 5.1.1

Description: The issue allows remote attackers to execute arbitrary programs via an HTML email message. This is achieved by using a META refresh tag that references an embedded .mhtml file with ActiveX controls. The ActiveX controls execute a second embedded program, which is then processed by Internet Explorer.

Recommendations: For Eudora email client version 5.1.1, consider disabling the "use Microsoft viewer" option to mitigate the risk of exploitation. As a temporary workaround, avoid using the Eudora email client to open HTML email messages from untrusted sources until a fix is available.