CVE-2007-0603 in PGP Desktopinfo

Summary

PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

01/30/2007

Disclosure

01/30/2007

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
85133	PGP Desktop PGPServ.exe memory corruption	119	Proof-of-Concept	Official fix	CVE-2007-0603
2885	PGP Corporate Desktop RPC Request memory corruption	119	Proof-of-Concept	Official fix	CVE-2007-0603

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!