SOAP Dropper
Credit: Unknown, FireEye
Surprise! CRLF injection can be more than the lame type of vulnerability that you put in your report because you didn’t find anything real. This fun bug is in SOAP WSDL parsing and results in remote C# code injection. The bug affects every version of the .NET Framework released since 2002 and can be triggered through WSDL parsing invoked through MS Office or any Microsoft application with a type handler.