|
Posted by =?Utf-8?B?VHl1cmluLCBBbmRyZXk= on September 30, 2008, 8:12 am
If you were Registered and logged in, you could reply and use other advanced thread options
I have discovered that Read Receipt feature in Outlook 2007 contain security
hole that doesn't appear to be fixed or even described.
In "Options\E-mail Options\Tracking Options" I've feature named Read Receipt
set to "Never send a response".
Recently I received a few messages with titles "Undeliverable mail: Read:
...". After inspecting this mail messages I've found that their mime-headers
is OK and it looks like Outlook sent mail messages (without any
notifications) titled "Read: ..." to a few SPAM messages in my inbox (IMAP4
account). Of course these spam-messages have Read Receipt option set.
I've made simple test to determine is that really bug by undeleting
spam-messages in my inbox (stroked through), marking them unread and finally
deleting without reading it. Read receipts have arrived.
I think this is a huge security hole in Outlook 2007 because people sending
spam could find out who've active e-mail addresses.
--
Have a nice day!
| 
XML site map