Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow.
Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name.