search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Network Associates PGP Outlook Plug-in contains buffer overflow in decoding mechanism

Vulnerability Note VU#821139

Original Release Date: 2002-07-11 | Last Revised: 2002-07-11


A remotely exploitable buffer overflow exists in the Network Associates PGP Outlook Plug-in.


As reported in eEye Digital Security Advisory AD20020710, a remotely exploitable buffer overflow exists in the PGP Outlook Plug-in. By sending a specially crafted message to a victim, an attacker can execute arbitrary code on the target system.


A remote attacker can execute arbitrary code on the target system with the privileges of the user running the PGP Outlook Plug-in. As a result, the attacker could do anything the victim could do, including reading sensitive data on the vulnerable system.


Apply the patch.

Vendor Information

Affected   Unknown   Unaffected


Updated:  July 11, 2002



Vendor Statement

Please see

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A



This vulnerability was discovered by eEye Digital Security.

This document was written by Ian A Finlay.

Other Information

CVE IDs: None
Severity Metric: 21.00
Date Public: 2002-07-10
Date First Published: 2002-07-11
Date Last Updated: 2002-07-11 17:29 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.