PHP is susceptible to a header-injection vulnerability when sending email. This issue is due to the application's failure to properly sanitize user-supplied input.

This issue allows remote attackers to add arbitrary headers to generated email messages. The results of this vary depending on the meaning of the injected headers. This may allow attackers to use vulnerable web applications as an anonymous email proxy.

Eso me encontre en security focus, pero me decia que no hacia falta exploit, lo unico que entiendo del mensaje es algo de que al mandar un mensaje con cabecera especial..y nada mas, ademas los traductores no tienen nada de traductores :S