Path Traversal in Qualcomm Eudora

CVE-2002-2351

Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot).

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.026 (83.6th percentile) — read the EPSS interpretation.

Affected products

Qualcomm Eudora — versions 5.1, 5.2, 5.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

cve@mitre.org (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_CONFIRM)