Check Point Advisories

Eudora URL Handling Buffer Overflow (CVE-2002-1770)

Vulnerability
Protection

Check Point Reference:	CPAI-2004-148
Date Published:	20 Oct 2009
Severity:	High
Last Updated:	Tuesday 20 October, 2009
Source:
Industry Reference:	CVE-2002-1770
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	There is a stack buffer overflow vulnerability within the Qualcomm Eudora, a popular e-mail client. It is possible for a remote attacker to craft an e-mail containing a specially crafted link that will cause Eudora to terminate, and possibly execute arbitrary code. There is a vulnerability within certain versions of Eudora, an e-mail client released by Qualcomm Corporation, that allows a remote attacker to cause Eudora to terminate upon clicking a malicious link within an e-mail sent by the attacker. It is possible for the remote attacker to execute arbitrary code on the victim's computer. When the victim clicks on a malicious reference within an e-mail sent from an attacker, arbitrary code execution is possible if the attacker has crafted the e-mail correctly. In the case where remote code execution fails, Eudora will terminate. The victim will need to re-open Eudora to regain access to their e-mail.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the Eudora URL Handling Buffer Overflow protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: NNTP Protection Violation.
Attack Information: Eudora URL handling buffer overflow