Notes:
1. this is reminiscent of GreyMagic Software's 'Qualcomm Eudora WebBrowser Control Embedded Media Player File Vulnerability ': http://www.securityfocus.com/bid/4343 which appears to never have been patched.
This was fixed in Eudora 5.2 last year. See <http://eudora.com/download/eudora/windows/5.2/RelNotes.txt>.
