|
|
CVE Reference: CVE-2007-0603 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-0603 |
|
|
Description: PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address. |
|
|
CVE Status: Candidate |
|
|
References: VULNWATCH http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html ST 1017563 SREASON http://securityreason.com/securityalert/2203 SAID Secunia Advisory: SA23938 OSVDB 32969 32970 MISC http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/ CERT-VN 102465 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/458137/100/0/threaded BID 22247 |
|
| Return to the previous page. |
