Erik C. Thauvin

**Name of the Vulnerable Software and Affected Versions** mailback versions (affected versions not specified) **Description** The issue concerns a CRLF injection vulnerability in the mailback.pl script of Erik C. Thauvin's mailback. This vulnerability allows remote attackers to exploit mailback as a "spam proxy" by modifying mail headers. The modification can include changing recipient e-mail addresses via newline characters inserted in the Subject field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.