{"api_version":"1","generated_at":"2026-04-23T22:33:05+00:00","cve":"CVE-2007-0603","urls":{"html":"https://cve.report/CVE-2007-0603","api":"https://cve.report/api/cve/CVE-2007-0603.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-0603","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-0603"},"summary":{"title":"CVE-2007-0603","description":"PGP Desktop before 9.5.1 does not validate data objects received over the (1) \\pipe\\pgpserv named pipe for PGPServ.exe or the (2) \\pipe\\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-01-30 18:28:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.1","severity":"","vector":"AV:N/AC:H/Au:S/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:C/I:C/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securityfocus.com/archive/1/458137/100/0/threaded","name":"http://www.securityfocus.com/archive/1/458137/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/32970","name":"http://osvdb.org/32970","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/23938","name":"http://secunia.com/advisories/23938","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"PGP Desktop Service Code Execution Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/22247","name":"http://www.securityfocus.com/bid/22247","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"PGP Desktop Windows Service Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/","name":"http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Advisories - Research - Next Generation Security Software","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://securitytracker.com/id?1017563","name":"http://securitytracker.com/id?1017563","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - PGP Desktop Input Validation Flaw in PGPServ.exe/PGPsdkServ.exe Services Lets Local Users Gain LocalSystem Privileges","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html","name":"http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/0356","name":"http://www.vupen.com/english/advisories/2007/0356","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/102465","name":"http://www.kb.cert.org/vuls/id/102465","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Vulnerability Note VU#102465","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/2203","name":"http://securityreason.com/securityalert/2203","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Medium Risk Vulnerability in PGP Desktop - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/32969","name":"http://osvdb.org/32969","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-0603","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-0603","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"603","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pgp","cpe5":"corporate_desktop","cpe6":"9.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T12:26:54.355Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1017563","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1017563"},{"name":"20070125 Medium Risk Vulnerability in PGP Desktop","tags":["mailing-list","x_refsource_VULNWATCH","x_transferred"],"url":"http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html"},{"name":"2203","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/2203"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/"},{"name":"32970","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/32970"},{"name":"22247","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/22247"},{"name":"20070125 Medium Risk Vulnerability in PGP Desktop","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/458137/100/0/threaded"},{"name":"23938","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/23938"},{"name":"ADV-2007-0356","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/0356"},{"name":"32969","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/32969"},{"name":"VU#102465","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/102465"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-01-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"PGP Desktop before 9.5.1 does not validate data objects received over the (1) \\pipe\\pgpserv named pipe for PGPServ.exe or the (2) \\pipe\\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"1017563","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1017563"},{"name":"20070125 Medium Risk Vulnerability in PGP Desktop","tags":["mailing-list","x_refsource_VULNWATCH"],"url":"http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html"},{"name":"2203","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/2203"},{"tags":["x_refsource_MISC"],"url":"http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/"},{"name":"32970","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/32970"},{"name":"22247","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/22247"},{"name":"20070125 Medium Risk Vulnerability in PGP Desktop","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/458137/100/0/threaded"},{"name":"23938","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/23938"},{"name":"ADV-2007-0356","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/0356"},{"name":"32969","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/32969"},{"name":"VU#102465","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/102465"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-0603","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"PGP Desktop before 9.5.1 does not validate data objects received over the (1) \\pipe\\pgpserv named pipe for PGPServ.exe or the (2) \\pipe\\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1017563","refsource":"SECTRACK","url":"http://securitytracker.com/id?1017563"},{"name":"20070125 Medium Risk Vulnerability in PGP Desktop","refsource":"VULNWATCH","url":"http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html"},{"name":"2203","refsource":"SREASON","url":"http://securityreason.com/securityalert/2203"},{"name":"http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/","refsource":"MISC","url":"http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/"},{"name":"32970","refsource":"OSVDB","url":"http://osvdb.org/32970"},{"name":"22247","refsource":"BID","url":"http://www.securityfocus.com/bid/22247"},{"name":"20070125 Medium Risk Vulnerability in PGP Desktop","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/458137/100/0/threaded"},{"name":"23938","refsource":"SECUNIA","url":"http://secunia.com/advisories/23938"},{"name":"ADV-2007-0356","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0356"},{"name":"32969","refsource":"OSVDB","url":"http://osvdb.org/32969"},{"name":"VU#102465","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/102465"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-0603","datePublished":"2007-01-30T18:00:00.000Z","dateReserved":"2007-01-30T00:00:00.000Z","dateUpdated":"2024-08-07T12:26:54.355Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-01-30 18:28:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:C/I:C/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pgp:corporate_desktop:9.5:*:*:*:*:*:*:*","matchCriteriaId":"60BBE71E-27F4-4D53-95A7-8EF8FA2A76A4"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"603","Ordinal":"1","Title":"CVE-2007-0603","CVE":"CVE-2007-0603","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"603","Ordinal":"1","NoteData":"PGP Desktop before 9.5.1 does not validate data objects received over the (1) \\pipe\\pgpserv named pipe for PGPServ.exe or the (2) \\pipe\\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.","Type":"Description","Title":"CVE-2007-0603"},{"CveYear":"2007","CveId":"603","Ordinal":"2","NoteData":"2007-01-30","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"603","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}