Vulnerability Description
An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pgp | Corporate Desktop | 7.1 |
| Pgp | Freeware | 7.0.3 |
| Pgp | Personal Security | 7.0.3 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.htmlBroken LinkPatchVendor Advisory
- http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7Third Party Advisory
- http://www.iss.net/security_center/static/9044.phpBroken LinkPatchVendor Advisory
- http://www.osvdb.org/4363Broken Link
- http://www.securityfocus.com/bid/4702Broken LinkPatchThird Party Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.htmlBroken LinkPatchVendor Advisory
- http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7Third Party Advisory
- http://www.iss.net/security_center/static/9044.phpBroken LinkPatchVendor Advisory
- http://www.osvdb.org/4363Broken Link
- http://www.securityfocus.com/bid/4702Broken LinkPatchThird Party Advisory
FAQ
What is CVE-2002-0788?
CVE-2002-0788 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to stro...
How severe is CVE-2002-0788?
CVE-2002-0788 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0788?
Check the references section above for vendor advisories and patch information. Affected products include: Pgp Corporate Desktop, Pgp Freeware, Pgp Personal Security.