PEGASUS MAIL FOR WINDOWS
VERSION 4.31

Click here to return to my Pegasus Mail for Windows Version 4.3 index page. Click here to return to my Pegasus Mail information page.

 
From:         David Harris
Organization: Pegasus Mail, Dunedin, New Zealand
Subject:      Important: Secunia Exploit warning
To:           PM-NEWS@BAMA.UA.EDU
Date:         Mon, 19 Dec 2005 16:01:43 +1300

Secunia Research, a Denmark-based security analysis firm, has
discovered two potentially exploitable bugs in the Pegasus Mail v4.2
version family and the Pegasus Mail v4.3 public beta. One of the
exploits is largely harmless, but the other is quite serious, and can
potentially result in unauthorised code being run on your computer if
you download a specially-malformed message via POP3.

These exploits have been corrected in the full release of Pegasus Mail
v4.3, and versions earlier than v4.2 are not subject to them - in other
words, you can only be affected by these exploits if you are running
Pegasus Mail v4.21a, b or c, or v4.3pb1. Secunia will be making
information about these exploits public on December 28th - if you are
running Pegasus Mail v4.2 or the Pegasus Mail v4.3 public beta, we
strongly advise you to consider upgrading prior to that time.

Cheers!

-- David --

------------------ David Harris -+- Pegasus Mail ----------------------
Box 5451, Dunedin, New Zealand | e-mail: David.Harris@pmail.gen.nz
           Phone: +64 3 453-6880 | Fax: +64 3 453-6612


Any remarks or additions: Mail me!!