Lucene search

MitreCVE-2007-0603

HistoryJan 30, 2007 - 6:28 p.m.

CVE-2007-0603

2007-01-3018:28:00

mitre

web.nvd.nist.gov

cve-2007-0603

pgp desktop

validation

pipe

privileged escalation

code execution

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.077

Percentile

94.2%

JSON

PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.

Affected configurations

Nvd

Node

pgpcorporate_desktopMatch9.5

VendorProductVersionCPE
pgpcorporate_desktop9.5cpe:2.3:a:pgp:corporate_desktop:9.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pgp	corporate_desktop	9.5	cpe:2.3:a:pgp:corporate_desktop:9.5:::::::*

References

archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html

osvdb.org/32969

osvdb.org/32970

secunia.com/advisories/23938

securityreason.com/securityalert/2203

securitytracker.com/id?1017563

www.kb.cert.org/vuls/id/102465

www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/

www.securityfocus.com/archive/1/458137/100/0/threaded

www.securityfocus.com/bid/22247

www.vupen.com/english/advisories/2007/0356

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.077

Percentile

94.2%

JSON

Related for CVE-2007-0603