Reported July 10, 2002, by eEye Digital Security.

VERSIONS AFFECTED

 

·         Network Associates (NAI) Pretty Good Privacy (PGP) Desktop Security 7.0.4

·         NAI PGP Personal Security 7.0.3

·         NAI PGP Freeware 7.0.3

 

DESCRIPTION
A vulnerability exists in NAI’s PGP Outlook Encryption plug-in contained in the above products that can result in remote compromise of the vulnerable system. By sending a specially crafted email to a vulnerable system, an attacker can execute code remotely on the vulnerable system. Read eEye Digital Security’s advisory for a detailed explanation of this vulnerability.

 

VENDOR RESPONSE

NAI has released a patch for the latest version of the PGP Outlook plug-in to address this vulnerability.

 

CREDIT
Discovered by Marc Maiffret and Riley Hassell of eEye Digital Security.