[Mimedefang] Suspicious characters
David F. Skoll
dfs at roaringpenguin.com
Fri Mar 22 09:14:58 EST 2002
On Thu, 21 Mar 2002, Mickey Hill wrote:
> Why do we consider \r without \n suspicious? Is this based on an RFC,
> standard practice, general principles...?
Because of these Bugtraq postings:
http://online.securityfocus.com/archive/1/255910
http://online.securityfocus.com/archive/1/256616
Symptoms
When you use Outlook, you may receive a message in which headers are
incorrectly interpreted as message data.
Cause
The message contains a header with Carriage Return (0x0d or <CR>)
characters. Outlook incorrectly interprets these as end of line (Carriage
Return/Line Feed combinations, or <CRLF> as per rfc2821/2822) delimiters.
--
David.
More information about the MIMEDefang
mailing list