Thanks to me101, who mailed me the following Bugtraq report:
Problem
Outlook Interprets Carriage Returns 0x0d or <CR> as Carriage Return/Line Feed combinations 0x0d 0x0a or <CRLF> in Message Headers
Versions affected
Outlook Express 5.5 with Windows 95 and Outlook Express 6.0 on Windows 2000 confirmed; other versions of Outlook and Outlook Express are suspected. Outlook Express on Macintosh seems unaffected (tested version 5.02). No definite status on other MUAs here. I found no vulnerable versions, but as I did not do extensive testing, it seems rather unwise to mention a couple of brands and yell "probably not affected".
Symptoms
When you use Outlook, you may receive a message in which headers are incorrectly interpreted as message data.
Status
I sent this to Microsoft a couple of times. There has been no reply - not even an acknowledgement. I sent it on January 31 through a bug report form on the Microsoft site. Then I called Microsoft on February 4 and sent the bug report to mcchol@microsoft.com as they requested; then I used secure@microsoft.com on February 7. I provided contact information, offered help, and asked them to reply ASAP. I received nothing, not even an acknowledgement.
In the meantime, I saw a discussion on the postfix-user mailing list where some viruses played tricks with <CR>s in the headers. So the problem is "in the wild".
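A mail gateway can flag this condition before delivery. The following is an added example, not part of the quoted report: it locates bare CRs in the header section and compares the header names seen by a CRLF-only parser with those seen by a client that treats a lone CR as a line break. The sample message and all function names are constructed for illustration.

```python
import re

# Constructed sample message: the Subject line ends with an extra bare CR (0x0d).
SAMPLE = (
    b"From: sender@example.org\r\n"
    b"Subject: hello\r\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"body text\r\n"
)

BARE_CR = re.compile(rb"\r(?!\n)")  # a CR that is not followed by LF

def header_block(raw: bytes) -> bytes:
    """Header section: everything before the first empty CRLF-terminated line."""
    return raw.partition(b"\r\n\r\n")[0]

def bare_cr_offsets(raw: bytes) -> list:
    """Byte offsets of bare CRs inside the header section."""
    return [m.start() for m in BARE_CR.finditer(header_block(raw))]

def header_names(raw: bytes, cr_is_line_break: bool) -> list:
    """Header field names as seen by a CRLF-only parser, or by one that
    treats a lone CR as a line break (the behaviour the report describes)."""
    if cr_is_line_break:
        raw = BARE_CR.sub(b"\r\n", raw)
    names = []
    for line in header_block(raw).split(b"\r\n"):
        if line[:1] in (b" ", b"\t"):  # folded continuation line, no new field
            continue
        name, sep, _ = line.partition(b":")
        if sep:
            names.append(name.decode("ascii", "replace").strip())
    return names

def audit(raw: bytes) -> dict:
    """Report bare CRs and how the two parsing views disagree."""
    strict = header_names(raw, cr_is_line_break=False)
    lenient = header_names(raw, cr_is_line_break=True)
    return {
        "bare_cr_offsets": bare_cr_offsets(raw),
        # headers the lenient client would show as message data
        "pushed_into_body": [n for n in strict if n not in lenient],
        # headers only the lenient client would recognise
        "extra_headers": [n for n in lenient if n not in strict],
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `bare_cr_offsets` alone is enough reason for a gateway to reject or normalise the message; the other two fields show what a filter and the client would disagree about.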