Eudora 4.0 Crash


(crashes IE40 too)

From whizpig@TIR.COM Mon Mar 30 02:22:06 1998
From: whiz 
X-Sender: whizpig@mail.tir.com
To: BUGTRAQ@NETSPACE.ORG
Date: Sun, 29 Mar 1998 05:04:17 -0500
Subject: Eudora Pro 4.0 attachment/long filename problem

Eudora Pro 4.0 crashes when it trys to retrieve a message that has an
attachments with an extra long filename.  The length of the filename
effects the type of crash that will occur.  A filename of greater then 233
characters in length will cause an illegal operation.  However, a
bluescreen of death occurs and a reboot is necessary if the filename is
exactly 233 characters.

Heres how to recreate it on Windows 95.
1. Create a file with a long name(>=233).
2. In Eudora, send an e-mail to your self with the new file attached.
3. Now check your mail, Eudora should crash when it starts to download the
attachment.

And since Eudora crashes before it deletes the message from the server you
will have to do this in order to check your mail again:
1. Telnet to your mail server.
2. Type USER yourusername, hit enter.
3. Type PASS yourpassword, hit enter.
4. Type DELE 1, hit enter.
5. Type QUIT, hit enter.

-whiz

=-=

From pt95cho@STUDENT.HK-R.SE Mon Mar 30 03:04:58 1998
From: Christian Holmqvist 
X-Sender: pt95cho@beholder
To: BUGTRAQ@NETSPACE.ORG
Date: Fri, 20 Mar 1998 17:13:10 +0100
Subject: Re: MSIE buffer overrun

On Fri, 20 Mar 1998, Georgi Guninski wrote:
Hi!

This not only crashes MSIE4 but also Eudora4.0 (yes the mail reader...)
I can't read this mail with out a crash. I had to read it in pine on a
unix system.

Cheers Christian

> Microsoft Internet Explorer 4.0 (don't know for other versions)
> can be crashed and eventually made execute arbitrary code
> with a little help of the  tag.
>
> The following:
> 
> opens a dialog box and closes IE 4.0.
> It seems that the long file extension causes stack overrun.
>
> The stack is smashed - full with our values, EIP is also ours and CS=SS.
> So probably a string could be constructed, executing code at the
> client's machine.
>
> Solution: Do not browse hostile pages.
> To try this: http://www.geocities.com/ResearchTriangle/1711/msie.html
>
>
> Georgi Guninski
> http://www.geocities.com/ResearchTriangle/1711
>
> -----------------------cut here and save as
> crashmsie.html---------------------
> 
> Trying to crash IE 4.0
>  SRC=file://C|/A.012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456
789>
>                                                                40
> 80                                                                               160                    170                 180                 190          200
>
> Mvh Christian /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\ | Christian Holmqvist | | Email: pt95cho@student.hk-r.se | | Tele: 0457-17754 | \________________________________/