
CERT Coordination Center

Network Associates PGP Outlook Plug-in contains buffer overflow in decoding mechanism

Vulnerability Note VU#821139

Original Release Date: 2002-07-11 | Last Revised: 2002-07-11

Overview

A remotely exploitable buffer overflow exists in the Network Associates PGP Outlook Plug-in.

Description

As reported in eEye Digital Security Advisory AD20020710, a remotely exploitable buffer overflow exists in the PGP Outlook Plug-in. By sending a specially crafted message to a victim, an attacker can execute arbitrary code on the target system.

Impact

A remote attacker can execute arbitrary code on the target system with the privileges of the user running the PGP Outlook Plug-in. As a result, the attacker could do anything the victim could do, including reading sensitive data on the vulnerable system.

Solution

Apply the patch.

Vendor Information


PGP

Updated:  July 11, 2002

Status

  Vulnerable

Vendor Statement

Please see http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.



CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

Credit

This vulnerability was discovered by eEye Digital Security.

This document was written by Ian A Finlay.

Other Information

CVE IDs: None
Severity Metric: 21.00
Date Public: 2002-07-10
Date First Published: 2002-07-11
Date Last Updated: 2002-07-11 17:29 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.