It has been reported that PGP Corporate Desktop (and possibly other versions) is vulnerable to a stack overrun condition. The overflow occurs immediately after decryption of a malicious encrypted file. Exploitation may allow attackers to execute code on recipient systems. Furthermore, the passphrase string in memory is not cleared when the overrun occurs. Shellcode could conceivably be written to obtain the passphrase and transmit it to the attacker.
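The two conditions reported above (an unbounded copy of decrypted data and a passphrase still resident in memory) can be addressed together in the post-decryption step. The following C sketch is an added example, not code from PGP or from this advisory. The one-byte length-prefixed field, the 64-byte destination and all function names are assumptions, since the advisory does not describe the affected field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64  /* hypothetical fixed-size destination buffer */

/* Wipe through a volatile pointer so the compiler cannot elide the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Returns 1 if every byte of buf is zero. */
static int is_wiped(const unsigned char *buf, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= buf[i];
    return acc == 0;
}

/*
 * Models the step right after decryption. plaintext is sender-controlled:
 * one length byte followed by that many bytes (assumed layout).
 * The passphrase is wiped first (assumes the key is already unlocked), so a
 * later parsing bug finds nothing to disclose. Returns 0 on success, -1 if
 * the field is truncated or too long for out[].
 */
static int process_decrypted(char *passphrase, size_t pass_cap,
                             const uint8_t *plaintext, size_t pt_len,
                             char out[NAME_MAX_LEN]) {
    secure_wipe(passphrase, pass_cap);

    if (pt_len < 1) return -1;
    size_t field_len = plaintext[0];
    if (field_len > pt_len - 1) return -1;     /* claims more than supplied */
    if (field_len >= NAME_MAX_LEN) return -1;  /* would overrun out[] */

    memcpy(out, plaintext + 1, field_len);
    out[field_len] = '\0';
    return 0;
}

int main(void) {
    char pass[32] = "constructed-passphrase";   /* constructed sample */
    uint8_t msg[201];                           /* constructed oversized field */
    char out[NAME_MAX_LEN];
    memset(msg, 'A', sizeof msg);
    msg[0] = 200;
    int rc = process_decrypted(pass, sizeof pass, msg, sizeof msg, out);
    printf("rc=%d wiped=%d\n", rc, is_wiped((unsigned char *)pass, sizeof pass));
    return 0;
}
```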