When the SMTP Client ( this module ) sends an email to "[email protected]", the SMTP Server tries to resolve the IP of "caronte.com" domain. In that moment, the SMTP Server sends a DNS request to the configured DNS Server. This module tries to send a response to the SMTP Server before the configured DNS Server does. As the vulnerable target doesn't check the DNS response "Transaction IDs", if a spoofed response is processed before that a real response the SMTP Server finishes sending an email to a SMTP Server indicated by the spoofed DNS response.
CVE Link
Exploit Platform
Product Name