CVE-2007-0603

Published Jan 30, 2007

Last updated 6 years ago

Overview

Description: PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.1
Impact score: 10
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pgp:corporate_desktop:9.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60BBE71E-27F4-4D53-95A7-8EF8FA2A76A4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References