CVE-2002-0285 Information

Description

Outlook Express 5.5 and 6.0 on Windows treats a carriage return (\CR) in a message header as if it were a valid carriage return/line feed combination (CR/LF) which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR which causes Outlook to create separate headers.

Reference

http://marc.info/?l=bugtraq&m=101362077701164&w=2 http://www.iss.net/security_center/static/8198.php http://www.securityfocus.com/bid/4092