On Fri, Jan 04, 2002 at 02:34:00PM +0100, Kai Blin wrote: > This means you can send an email with the header line hacked and execute > code that's run with the rights of the mutt user.
In this particular case it would be difficult to exploit because the attacker only has the option of writing one NUL (0x00) byte and can't chose to write arbitrary instructions onto the stack. IMO, at worst it really would only be a DoS attack. me