Release Date:
July 10, 2002
Severity:
High (Remote Code Execution)
Systems Affected:
NAI PGP Desktop Security 7.0.4
NAI PGP Personal Security 7.0.3
NAI PGP Freeware 7.0.3
Description:
A vulnerability in the NAI PGP Outlook plug-in can be exploited to remotely execute code on any system that uses the NAI PGP Outlook plug-ins. By sending a carefully crafted email, the message decoding functionality can be manipulated to overwrite various heap structures pertinent to the PGP plug-in. This vulnerability can be exploited by the Outlook user simply selecting a "malicious" email, the opening of an attachment is not required. When the attack is performed against a target system, malicious code will be executed within the context of the user receiving the email.