https://www.exploit-db.com/exploits/19885
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200004-078

Eudora4.x存在漏洞，远程攻击者可以利用这个漏洞绕过用户警告，通过使用引用附件的.lnk文件执行例如.exe,.com,和.bat的附件。

source: http://www.securityfocus.com/bid/1157/info

A malicious email sender can circumvent warning messages that would normally display when a user attempts to view executable attachments in Eudora 4.2/4.3. Eudora does not prompt a user with the warning message if they are attempting to open a file that is neither .exe, .com, or .bat.

Inserting the tag
<a  href="file:///c:/eudora/attach/file.lnk">http ://www.example.com</ a>
in an email message will display as:
http ://www.example.com
in a Eudora email client.

Therefore, when a user clicks on this link, it will automatically open up the executable file without warning.

来源:www.peacefire.org
链接:http://www.peacefire.org/security/stealthattach/explanation.html
来源:news.cnet.com
链接:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
来源:BID
名称:1157
链接:http://www.securityfocus.com/bid/1157