[virusinfo] Address spoofing in various Microsoft mail clients - 4/12/05

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Wed, 13 Apr 2005 17:24:20 -0700

From; Panda Oxygen3:

"Every man is the son of his own works."
           Miguel de Cervantes Saavedra (1547-1616). Spanish writer

                 - Address spoofing in various Microsoft mail clients - 
         Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 12, 2005 - A vulnerability has been reported in the email
clients Microsoft Outlook and Microsoft Outlook Web Access, which could
allow an attacker to easily spoof or hide the real address.

Microsoft Outlook and Microsoft Outlook Web Access (OWA) are widely-used
mail clients in corporate networks. The vulnerability lies in the handling
of message headers and allows an attacker to spoof the 'From:' field
displayed to the user.

In the SMTP header, when the 'From:' field contains multiple addresses
separated by commas, Outlook and OWA only display the first address. This
flaw can be used to send spam or phishing mails. What's more, it can slip
past message filtering rules that could be defined in the corporate server.
Microsoft Outlook Express is not affected by this problem.

------------------------------------------------------------

The 5 most frequently detected viruses by Panda ActiveScan, Panda
Software's free online scanner:
1)Mhtredir.gen; 2)Netsky.P; 3)Shinwow.E; 4)Sdbot.ftp; 5)Downloader.BTH. 

------------------------------------------------------------
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Address spoofing in various Microsoft mail clients - 4/12/05

1. Home
2. virusinfo
3. Archive
4. 04-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---