4.3

CVE-2010-3618

Exploit
PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PgpDesktop For Windows Updatesp1 Version <= 10.0.3
PgpDesktop For Windows Version10.0.0
PgpDesktop For Windows Version10.0.1
PgpDesktop For Windows Version10.0.2
PgpDesktop For Windows Version10.0.3
PgpDesktop For Windows Version10.1.0
PgpDesktop For Mac Updatesp1 Version <= 10.0.3
PgpDesktop For Mac Version10.0.0
PgpDesktop For Mac Version10.0.1
PgpDesktop For Mac Version10.0.2
PgpDesktop For Mac Version10.0.3
PgpDesktop For Mac Version10.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.56% 0.719
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/42293
http://secunia.com/advisories/42307
http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf
Exploit
http://www.kb.cert.org/vuls/id/300785
US Government Resource
http://www.securitytracker.com/id?1024760
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/63366
https://pgp.custhelp.com/app/answers/detail/a_id/2290
Vendor Advisory