Vulnerability Description
PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pgp | Corporate Desktop | 9.5 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html
- http://osvdb.org/32969
- http://osvdb.org/32970
- http://secunia.com/advisories/23938Vendor Advisory
- http://securityreason.com/securityalert/2203
- http://securitytracker.com/id?1017563
- http://www.kb.cert.org/vuls/id/102465US Government Resource
- http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/Vendor Advisory
- http://www.securityfocus.com/archive/1/458137/100/0/threaded
- http://www.securityfocus.com/bid/22247
- http://www.vupen.com/english/advisories/2007/0356
- http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html
- http://osvdb.org/32969
- http://osvdb.org/32970
- http://secunia.com/advisories/23938Vendor Advisory
FAQ
What is CVE-2007-0603?
CVE-2007-0603 is a vulnerability with a CVSS score of 7.1 (HIGH). PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote au...
How severe is CVE-2007-0603?
CVE-2007-0603 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0603?
Check the references section above for vendor advisories and patch information. Affected products include: Pgp Corporate Desktop.