Reported July 10, 2002, by eEye Digital Security.
· Network Associates (NAI) Pretty Good Privacy (PGP) Desktop Security 7.0.4
· NAI PGP Personal Security 7.0.3
· NAI PGP Freeware 7.0.3
A vulnerability exists in NAI’s PGP Outlook Encryption plug-in contained in the above products that can result in remote compromise of the vulnerable system. By sending a specially crafted email to a vulnerable system, an attacker can execute code remotely on the vulnerable system. Read eEye Digital Security’s advisory for a detailed explanation of this vulnerability.
NAI has released a patch for the latest version of the PGP Outlook plug-in to address this vulnerability.
Discovered by Marc Maiffret and Riley Hassell of eEye Digital Security.