[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability

To: "'iDEFENSE Labs'" <labs-no-reply@xxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>, <vulnwatch@xxxxxxxxxxxxx>
Subject: RE: iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability
From: "Larry Seltzer" <larry@xxxxxxxxxxxxxxxx>
Date: Sat, 9 Apr 2005 13:30:31 -0400

>>Within the SMTP header, when the From field contains multiple
comma-separated addresses, Outlook and OWA will only display the first
address.  

Why is this called a "spoofing vulnerability"? It's not like the From:
address in SMTP is reliable anyway.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@xxxxxxxxxxxxx

References:
- iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability
  - From: iDEFENSE Labs

Prev by Date: Window Washer 6.0: False Sense of Security
Next by Date: WordPress XSS and HTML injection
Previous by thread: iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability
Next by thread: How to Report a Security Vulnerability to Microsoft
Index(es):
- Date
- Thread