VULHUB ™

A weakness has been reported for the PGP application that may allow an attacker to embed malicious OLE objects into email messages. This issue occurs because PGP will first strip any OLE objects that are inserted into email messages and then verify the message signature. This poses an issue for the end user as they are not notified by PGP of any stripped OLE objects. A malicious attacker may be able to insert a malicious OLE object into a body of a hijacked email message and then send the email to a victim user where the malicious object may be executed.

A weakness has been reported for the PGP application that may allow an attacker to embed malicious OLE objects into email messages. This issue occurs because PGP will first strip any OLE objects that are inserted into email messages and then verify the message signature. This poses an issue for the end user as they are not notified by PGP of any stripped OLE objects. A malicious attacker may be able to insert a malicious OLE object into a body of a hijacked email message and then send the email to a victim user where the malicious object may be executed.