7.1

CVE-2007-0603

EPSS 12.18%
Published 30.01.2007 18:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Pgp ≫ Corporate Desktop Version9.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.18%	0.936

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	3.9	10	AV:N/AC:H/Au:S/C:C/I:C/A:C

http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html

http://osvdb.org/32969

http://osvdb.org/32970

http://secunia.com/advisories/23938

Vendor Advisory

http://securityreason.com/securityalert/2203

http://securitytracker.com/id?1017563

http://www.kb.cert.org/vuls/id/102465

US Government Resource

http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/

Vendor Advisory

http://www.securityfocus.com/archive/1/458137/100/0/threaded

http://www.securityfocus.com/bid/22247

http://www.vupen.com/english/advisories/2007/0356

https://nvd.nist.gov/vuln/detail/CVE-2007-0603

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0603

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0603

EUVD