2007/06/17

Outlook security error: A program is trying to send mail using Item.Send

Outlook Email Security Update:

Also see Reinforcing Dialog-Based Security, a paper by two U.S. Air Force Academy professors that demonstrates how to get around the object model guard prompts using VBScript code and the SendKeys method to, in effect, click the buttons on the prompts.

Reinforcing Dialog-Based Security
Martin C. Carlisle, Scott D. Studer
Proceedings of the 2001 IEEE Workshop on Information Assurance and Security
United States Military Academy, West Point, NY, 5-6 June, 2001



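    ' Writes a helper VBScript that waits for the Outlook window, sends
    ' {LEFT} and {ENTER} to the security prompt, and runs it with WScript.exe.
    ' getConfig is a user-written helper; here it returns the script path.
    Sub bypass()
        Dim fName As String, fDesc As Integer

        fName = getConfig("bypassFile")
        fDesc = FreeFile

        ' Generate the helper script line by line
        Open fName For Output As fDesc
        Print #fDesc, "Set fso = CreateObject(""WScript.Shell"")"
        Print #fDesc, "While fso.AppActivate(""Microsoft Outlook"") = FALSE"
        Print #fDesc, "wscript.sleep 1000"
        Print #fDesc, "Wend"
        Print #fDesc, "wscript.sleep 7000"
        Print #fDesc, "fso.SendKeys ""{LEFT}"", True"
        Print #fDesc, "fso.SendKeys ""{ENTER}"", True"
        Close #fDesc

        ' Run the helper in a separate process so it can act while .Send blocks
        Shell ("WScript.exe " & fName)

    End Sub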




    ' Creates a mail item through Outlook automation and sends it.
    ' getConfig is a user-written helper; here it returns the recipient.
    Sub sendMail(strSubject As String, strBody As String)

        Dim OutApp As Object
        Dim OutMail As Object

        Dim strTo As String

        strTo = getConfig("mailTo")

        Set OutApp = CreateObject("Outlook.Application")
        OutApp.Session.Logon
        Set OutMail = OutApp.CreateItem(0)   ' 0 = mail item

        ' Start the helper script before .Send raises the prompt
        Call bypass

        On Error Resume Next
        With OutMail
            .to = strTo
            .CC = ""
            .BCC = ""
            .Subject = strSubject
            .body = strBody
            .Send 'or use .Display
        End With
        On Error GoTo 0

        Set OutMail = Nothing
        Set OutApp = Nothing

    End Sub
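
Because the prompt is dismissed by keystrokes sent to the Outlook window, macro and script source can be scanned for that pattern. The Python below is an added example, not code from the original post; it also unwraps `Print #` lines so the macro that writes the script is caught as well as the script itself. The function names and sample strings are constructed for illustration.

```python
import re

# Heuristic scan for scripts that focus an Outlook window and then send
# synthetic keystrokes, the pattern used by the macro in this post.
TITLE_RE = re.compile(r'AppActivate\s*\(?\s*"([^"]*Outlook[^"]*)"', re.I)
SENDKEYS_RE = re.compile(r'SendKeys\s*\(?\s*"([^"]*)"', re.I)
# VBA line that writes one line of script text to a file: Print #n, "..."
DROPPER_RE = re.compile(r'^\s*Print\s+#\w+\s*,\s*"(.*)"\s*$', re.I)
# SendKeys codes that move focus between dialog buttons or press one.
CONFIRM_KEYS = ("{ENTER}", "~", "{LEFT}", "{RIGHT}", "{TAB}")


def normalize(source):
    """Unwrap VBA 'Print #n, "..."' lines into the script text they emit."""
    lines, dropper = [], False
    for line in source.splitlines():
        m = DROPPER_RE.match(line)
        if m:
            line, dropper = m.group(1).replace('""', '"'), True
        lines.append(line)
    return lines, dropper


def analyze(source):
    """Report Outlook window titles targeted and keystrokes sent afterwards."""
    lines, dropper = normalize(source)
    titles, keys = [], []
    for line in lines:
        t = TITLE_RE.search(line)
        if t:
            titles.append(t.group(1))
        k = SENDKEYS_RE.search(line)
        if k and titles:  # only keystrokes sent after Outlook was focused
            keys.append(k.group(1))
    hit = any(c in key.upper() for key in keys for c in CONFIRM_KEYS)
    return {"titles": titles, "keys": keys, "dropper": dropper, "suspicious": hit}


# Constructed samples: a macro fragment in the style of this post, a plain
# script using the Outlook 2003/2007 title, and an unrelated SendKeys use.
VBA = ('Print #fDesc, "While fso.AppActivate(""Microsoft Outlook"") = FALSE"\n'
       'Print #fDesc, "Wend"\n'
       'Print #fDesc, "fso.SendKeys ""{ENTER}"", True"')
VBS = ('Do Until sh.AppActivate("Microsoft Office Outlook")\nLoop\n'
       'sh.SendKeys "{LEFT}{ENTER}"')
BENIGN = 'sh.AppActivate "Notepad"\nsh.SendKeys "hello{ENTER}"'

if __name__ == "__main__":
    for name, text in (("VBA", VBA), ("VBS", VBS), ("BENIGN", BENIGN)):
        print(name, analyze(text))
```

A match is a triage signal rather than proof of abuse, since UI test scripts can drive Outlook the same way.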


10 comments:

Anonymous said...

I'm trying to use the code but it gives me an error message related to "GetConfig".
I'm using Outlook XP.

sapsachin said...

Now everyone can't get in touch with you for details... Either publish solution for GetConfig error or say it is just a fake code... Cheers!

Anonymous said...

legonzales@yahoo.com
I found the other piece of your code in a related thread.
I'm using Outlook 2003 and it seems not to work.

Anonymous said...

I have the same problem when I use
fName = getConfig("bypassFile")

rhXX said...

Thanks for your comment!

getConfig() is a user function. You must write it, or assign the value in some other way.

Unknown said...

Hi,

Can I get an example of the getConfig() function?

WKR,

Dogan

rhXX said...

About getConfig: this is a custom function that returns the desired string. In the case of the sub bypass, it returns the name of the VB script file.

For example, c:\tmp\bypass_toto.vbs.
I like to use configuration files, i.e. INI-style files, so in general I write a custom getConfig function to read the desired parameters saved somewhere or in a file.

Of course, this getConfig function can be implemented in many ways, or NOT used at all.

That is, in the sub bypass, the value can be assigned directly:

fName = "c:\tmp\bypass_toto.vbs"

with any name or path, because this is only an auxiliary file.

The same goes for the other case: strTo is the destination. This destination can be taken from somewhere with a custom function. It can also be set directly in the code, that is:

strTo = "toto@gmail.com"


So getConfig(key) can be written in many ways, according to the interests of the programmer. getConfig can take the desired key from an INI file, or from the command line, or from data written in the code, or from a dialog with the user, or from a database, or from ...

My best regards

Unknown said...

Note: Outlook 2003 and 2007 identify themselves as "Microsoft Office Outlook" - replace the line of code referencing "Microsoft Outlook" with "Microsoft Office Outlook" to make this code work.

Unknown said...

Note: Outlook 2003 and 2007 identify themselves as Microsoft Office Outlook, so if you've got '03 or '07, you have to change "Microsoft Outlook" to "Microsoft Office Outlook."

Good Luck!