Remote PGP Outlook Encryption Plug-in Vulnerability

Release Date:

July 10, 2002

Severity:

High (Remote Code Execution)

Systems Affected:

NAI PGP Desktop Security 7.0.4

NAI PGP Personal Security 7.0.3

NAI PGP Freeware 7.0.3

Description:

A vulnerability in the NAI PGP Outlook plug-in can be exploited to remotely execute code on any system that uses the NAI PGP Outlook plug-ins. By sending a carefully crafted email, the message decoding functionality can be manipulated to overwrite various heap structures pertinent to the PGP plug-in. This vulnerability can be exploited by the Outlook user simply selecting a "malicious" email, the opening of an attachment is not required. When the attack is performed against a target system, malicious code will be executed within the context of the user receiving the email.

News source: eEye Digital Security

Download: PGP Outlook plug-in patch

Report a problem with article
Next Article

Windows worm rears ugly head

Previous Article

Day Of Defeat 3.0 Today!