The "Email this to a friend" functionality in the mt-send-entry.cgi script is vulnerable to being used by spammers to send spam messages. In principle, all "email this to a friend" programs are vulnerable to being used by spammers, because they allow the user to specify a To: address and a message body. But in practice, MT's implementation of this is not as robust as it should be, and a new version is available below.

This fix is already included in all versions of MT 2.64 downloaded from today on.