PGP Desktop Windows Service Remote Code Execution Vulnerability
BID:22247
Info
PGP Desktop Windows Service Remote Code Execution Vulnerability
| Bugtraq ID: | 22247 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0603 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 25 2007 12:00AM |
| Updated: | May 12 2015 07:35PM |
| Credit: | Peter Winter-Smith discovered this issue. |
| Vulnerable: |
PGP Corporation PGP Desktop Professional 9.0.3 Build 2932 PGP Corporation PGP Desktop Professional 9.0 PGP Corporation PGP Desktop Home 8.0 PGP Corporation PGP Desktop 0 |
| Not Vulnerable: |
PGP Corporation PGP Desktop 9.5.1 |
Discussion
PGP Desktop Windows Service Remote Code Execution Vulnerability
PGP Desktop is prone to an arbitrary code-execution vulnerability because the application fails to properly sanitize user-supplied input.
An authenticated attacker may exploit this issue to execute arbitrary code on an affected computer with the privileges of the vulnerable application. This may facilitate unauthorized access and lead to other attacks.
PGP Desktop is prone to an arbitrary code-execution vulnerability because the application fails to properly sanitize user-supplied input.
An authenticated attacker may exploit this issue to execute arbitrary code on an affected computer with the privileges of the vulnerable application. This may facilitate unauthorized access and lead to other attacks.
Exploit / POC
PGP Desktop Windows Service Remote Code Execution Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
PGP Desktop Windows Service Remote Code Execution Vulnerability
Solution:
Reports indicate that the vendor released version 9.5.1 to address this issue. Symantec has not confirmed this.
Please contact the vendor for information on obtaining and applying fixes.
Solution:
Reports indicate that the vendor released version 9.5.1 to address this issue. Symantec has not confirmed this.
Please contact the vendor for information on obtaining and applying fixes.
References
PGP Desktop Windows Service Remote Code Execution Vulnerability
References:
References:
- PGP Homepage (PGP Corporation)
- Vulnerability Note VU#102465 (CERT)
- Medium Risk Vulnerability in PGP Desktop (NGSSoftware Insight Security Research)