German security researcher Sabri Haddouche has discovered a set of vulnerabilities that he collectively refers to as Mailsploit, and which allow an attacker to spoof email identities, and in some cases, run malicious code on the user’s computer. […]

https://www.bleepingcomputer.com/news/security/mailsploit-lets-attackers-send-spoofed-emails-on-over-33-email-clients/