[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3618Date: (C)2010-11-22   (M)2023-12-22


PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1024760
SECUNIA-42293
SECUNIA-42307
VU#300785
http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00
https://pgp.custhelp.com/app/answers/detail/a_id/2290
pgpdesktop-openpgp-security-bypass(63366)

CPE    10
cpe:/a:pgp:desktop_for_windows:10.0.3
cpe:/a:pgp:desktop_for_windows:10.0.2
cpe:/a:pgp:desktop_for_mac:10.0.2
cpe:/a:pgp:desktop_for_mac:10.0.3
...
CWE    1
CWE-310
OVAL    1
oval:org.secpod.oval:def:21007

© SecPod Technologies