Description
Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context.
Affected products
- qualcomm / eudora5.1.1 – 5.1.1
- qualcomm / eudora5.2 – 5.2