mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.Referenceshttp://www.securityfocus.com/archive/1/244909http://www.securityfocus.com/bid/3669
