It is the email equivalent of HTTP Header Injection.
When a form is added to a Web page that submits data to a Web application, a malicious user may exploit the MIME format to append additional information to the message being sent, such as a new list of recipients or a completely different message body.
Because the MIME format uses a carriage return to delimit the information in a message, and only the raw message determines its eventual destination, adding carriage returns to submitted form data can allow a simple guestbook to be used to send thousands of messages at once.
A malicious spammer could use this tactic to send large numbers of messages anonymously.
[1] This vulnerability can potentially affect any application that sends email messages based on input from arbitrary users.