Security Advisory GM#002-IE
Any application that hosts the WebBrowser control is affected since this exploit does not require Active Scripting or ActiveX. Some of these applications are:
- Qualcomm Eudora
- Microsoft Outlook
- Microsoft Outlook Express
An example is when an attacker knows the path to attached files.
Eudora is a popular email client; by default it uses the WebBrowser control for viewing email messages. However, it attempts to secure itself by filtering out elements such as <iframe>, <object>, <embed>, etc.
Eudora stores its attachments (by default) in "C:/Program Files/Qualcomm/Eudora/Attach", an attacker is likely to guess other paths to Eudora, such as different drive letters or similar minor changes.
To protect yourself:
Go to Tools -> Options -> Viewing Mail, uncheck "Use Microsoft's viewer"