Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses to gain RCE
As part of a security research, my collegue parzel and I examined the commercial and open source spam filter appliance MailCleaner. It turned out that the software was not fully aware of the flexibility offered by email address specifications, and as a result, we found an RCE that could be triggered by sending a malicious email. ...