Reported April 11, 2005 by iDEFENSE
VERSIONS AFFECTED
Microsoft
Outlook (not Microsoft Outlook Express)
|
DESCRIPTION
Due to the way Outlook and OWA parse From header fields, it's possible to change the field so that the email message appears to come from a different address.
WORKAROUND
Examine all the message's header fields to determine who a message actually came from.
VENDOR RESPONSE
iDEFENSE reports that Microsoft said it might implement a fix in a future service pack but that a security bulletin won't be released for this issue.