Does anyone know if the recall/replace feature within Microsoft Outlook is exploitable? What is done to ensure the recall is actually from the sender?

------

If it requires knowing the specific details of a message, (date/time sent, subject, etc) then maybe an exploit would be limited to deleting broadcast type emails. Some companies may send out numerous announcements. I was thinking if I used an email client on a Unix box that would connect into a POP port for an exchange server, it may be possible to see the entire headers, without an operation taking place.

-------

The help text for doing the normal operation is as such:

"
Recall or replace a message you've already sent

You can recall or replace only those messages you sent to recipients who are logged on and using Outlook and who have not read the message or moved the message out of their Inboxes.

1. If the Folder List is not visible, click the View menu, and then click Folder List.
2. Click Sent Items.
3. Open the message you want to recall or replace.
4. On the Actions menu, click Recall This Message.
5. To recall the message, click Delete unread copies of this message. To replace the message with another, click Delete unread copies and replace with a new message, click OK, and then type a new message.
6. To be notified about the success of the recall or replacement for each recipient, select the Tell me if recall succeeds or fails for each recipient check box.

Note: To replace a message, you must send a new one. If you do not send the new item, the original message is still recalled.
"

This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 12:20:32 PDT