CVE-2002-1770

Name of the Vulnerable Software and Affected Versions Qualcomm Eudora version 5.1

Description The issue allows remote attackers to execute arbitrary code via an HTML e-mail message. This is achieved by using a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code. The code is launched and executed in the My Computer zone by Internet Explorer.

Recommendations For Qualcomm Eudora version 5.1, consider disabling the execution of JavaScript code in attached files as a temporary workaround until a patch is available. Restrict access to attached Windows Media Player files to minimize the risk of exploitation. Avoid using the t:video tag in HTML e-mail messages until the issue is resolved.