There is an options under Tools/Options/Attachements which allow a user to specify the directory for an attachement. check http://www.eudora.com/download/eudora/windows/5.1/full_elec/Manual51.pdf page 229 - 230 --8<--[quote]--8<-- Attachment directory - This specifies what directory will receive incoming attachments. To specify a folder, single-click the folder name button. A dialog box appears prompting you to select a folder. The default folder is the Attach sub-folder of your Eudora Pro folder. --8<--[quote]--8<-- I beleive this option was already in place in 3.x,4.x and 5.x as well as an option to set the "delete attachement when emptying trash". (which might not work, from what you are saying). My $.02 -----Original Message----- From: RT [mailto:roelof@sensepost.com] Sent: Friday, March 15, 2002 4:59 PM To: Thor Larholm Cc: 'Eric Detoisien'; bugtraq@securityfocus.com Subject: RE: MSIE vulnerability exploitable with IncrediMail Immm... Eudora Mail .. automatically saves attachments in <drive>:\program files\qualcomm\eudora\attachments .. right? The (very old) version (4.1) that I have sure does that. And even if you delete the email itself (after opening), or right click on the file and selecting delete - the file stays. So, you just need to get the file in there and have the user visit a corrupted web .. and hey.. presto! Just my 2c on this, Roelof. On Fri, 15 Mar 2002, Thor Larholm wrote: +Isn't {42D00B20-479C-11d4-9706-00105A40931C} a GUID for your user account, +and as such unknown from time to time, making the proposed exploit +unfeasable ? + + +Regards +Thor Larholm +Jubii A/S - Internet Programmer + + ------------------------------------------------------ Roelof W Temmingh SensePost IT security roelof@sensepost.com +27 83 448 6996 http://www.sensepost.com http://www.hackrack.com
