Vulnerability Development mailing list archives
MS Exchange 'Recall' feature - Possible to delete mail?
From: Viraj Alankar <valankar () access4less net>
Date: Sun, 24 Aug 2003 21:56:22 -0400
Hello, I don't run Exchange but recently came across it's 'recall message' functionality. To me, it just seems dangerous to allow a sender to delete a message from a recipient's mailbox. I understand this will only work for Exchange systems, but is it possible for a malicious user outside the network/domain to send fake 'recall' messages and delete users' mail? Also, even within an Exchange network, would it be possible for a malicious employee to delete another employee's mail that they did not send? All I can tell from these 'recall' messages are that there is the header: X-MAPI-Message-Class: IPM.Outlook.Recall Subject: Recall: subject And a winmail.dat TNEF attachment. Anyone know much more about this? Viraj.
Current thread:
- MS Exchange 'Recall' feature - Possible to delete mail? Viraj Alankar (Aug 25)
- RE: MS Exchange 'Recall' feature - Possible to delete mail? Aditya (Aug 26)
- <Possible follow-ups>
- RE: MS Exchange 'Recall' feature - Possible to delete mail? Damiano, Anthony (Aug 26)