Eudora prior to 6.1.1 allows remote malicious users to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow.