[38335] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RE: iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability

daemon@ATHENA.MIT.EDU (Larry Seltzer)
Tue Apr 12 22:42:05 2005

From: "Larry Seltzer" <larry@larryseltzer.com>
To: "'iDEFENSE Labs'" <labs-no-reply@idefense.com>,
        <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>
Date: Sat, 9 Apr 2005 13:30:31 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <FB24803D1DF2A34FA59FC157B77C970504240D6D@idserv04.idef.com>
Message-ID: <j3st78ughuowrvv.090420051330@shayndel>

>>Within the SMTP header, when the From field contains multiple
comma-separated addresses, Outlook and OWA will only display the first
address.  

Why is this called a "spoofing vulnerability"? It's not like the From:
address in SMTP is reliable anyway.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@ziffdavis.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38335] in bugtraq

RE: iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability

daemon@ATHENA.MIT.EDU (Larry Seltzer)Tue Apr 12 22:42:05 2005

daemon@ATHENA.MIT.EDU (Larry Seltzer)
Tue Apr 12 22:42:05 2005