Vulnerability Description
PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PGP | Desktop | <= 9.9.0 |
References
- http://en.securitylab.ru/lab/PT-2009-01 (Patch)
- http://www.securityfocus.com/archive/1/502633/100/0/threaded
- http://www.securitytracker.com/id?1022034
- https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=1014&p_ (Vendor Advisory)
FAQ
What is CVE-2009-0681?
CVE-2009-0681 is a vulnerability with a CVSS score of 7.2 (HIGH). PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via...
How severe is CVE-2009-0681?
CVE-2009-0681 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-0681?
Check the references section above for vendor advisories and patch information. Affected products include: PGP Desktop.