OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability

From: Larry Seltzer (larrylarryseltzer.com)
Date: Sat Apr 09 2005 - 12:30:31 CDT


>>Within the SMTP header, when the From field contains multiple
comma-separated addresses, Outlook and OWA will only display the first
address.

Why is this called a "spoofing vulnerability"? It's not like the From:
address in SMTP is reliable anyway.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzerziffdavis.com