Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Eudora | Qualcomm | 5.2 | 5.2 |
Eudora | Qualcomm | 5.1.1 | 5.1.1 |