WindowsPT User ID Key Spoofing Vulnerability
BID:24412
Info
WindowsPT User ID Key Spoofing Vulnerability
| Bugtraq ID: | 24412 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3201 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 11 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | nnposter is credited with the discovery of this issue. |
| Vulnerable: |
WinPT WinPT 1.2 |
| Not Vulnerable: | |
Discussion
WindowsPT User ID Key Spoofing Vulnerability
WinPT (Windows Privacy Tray) is prone to a key-spoofing vulnerability because it fails to properly display user-supplied key data.
An attacker can exploit this issue to trick victim users into encrypting potentially sensitive information with a malicious key that appears to be legitimate.
WinPT 1.2.0 is vulnerable; other versions may also be affected.
WinPT (Windows Privacy Tray) is prone to a key-spoofing vulnerability because it fails to properly display user-supplied key data.
An attacker can exploit this issue to trick victim users into encrypting potentially sensitive information with a malicious key that appears to be legitimate.
WinPT 1.2.0 is vulnerable; other versions may also be affected.
Exploit / POC
WindowsPT User ID Key Spoofing Vulnerability
They following proof-of-concept key has been provided:
" <[email protected]>"SSSSMMMMSSSS<[email protected]> "[email protected]
They following proof-of-concept key has been provided:
" <[email protected]>"SSSSMMMMSSSS<[email protected]> "[email protected]
Solution / Fix
WindowsPT User ID Key Spoofing Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
WindowsPT User ID Key Spoofing Vulnerability
References:
References: