PGP · PGP Desktop · CVE-2010-3618
**Name of the Vulnerable Software and Affected Versions**
PGP Desktop versions 10.0.x through 10.0.3 SP1
PGP Desktop version 10.1.0
**Description**
PGP Desktop improperly implements the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages. This allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, an issue referred to as "piggy-back" or "unsigned data injection".
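As an added example (not part of the original advisory and not PGP Desktop code), the following check walks the top-level packets of a binary OpenPGP file against the RFC 4880 message grammar and reports any packets that follow the first complete signed message. The function names and the sample bytes are assumptions constructed for illustration; packet bodies are placeholders, and encrypted or compressed contents are not inspected.

```python
SIG, OPS, COMPRESSED, LITERAL = 2, 4, 8, 11  # packet tags, RFC 4880 section 4.3

def packet_tags(data):  # tags of the top-level packets in a binary OpenPGP stream
    tags, i = [], 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("bad packet header")
        if hdr & 0x40:  # new-format header
            tag, more = hdr & 0x3F, True
            while more:
                o = data[i]; i += 1
                more = 224 <= o < 255  # partial body length: another chunk follows
                if o < 192:
                    i += o
                elif o < 224:
                    i += 1 + ((o - 192) << 8) + data[i] + 192
                elif o == 255:
                    i += 4 + int.from_bytes(data[i:i + 4], "big")
                else:
                    i += 1 << (o & 0x1F)
        else:  # old-format header: 1, 2 or 4 length octets; size 8 = indeterminate
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            i = len(data) if size == 8 else i + size + int.from_bytes(data[i:i + size], "big")
        if i > len(data):
            raise ValueError("truncated packet")
        tags.append(tag)
    return tags

def one_message(tags, i=0):  # consume one message (RFC 4880 section 11.3), return next index
    if i < len(tags) and tags[i] in (LITERAL, COMPRESSED):
        return i + 1
    if i < len(tags) and tags[i] == SIG:  # signature packet, then the message it covers
        return one_message(tags, i + 1)
    if i < len(tags) and tags[i] == OPS:  # one-pass signature, message, closing signature
        j = one_message(tags, i + 1)
        if tags[j:j + 1] == [SIG]:
            return j + 1
    raise ValueError("not a well-formed signed or literal message")

def trailing_tags(data):  # tags of packets after the first complete message
    tags = packet_tags(data)
    return tags[one_message(tags):]

# Constructed sample: new-format headers, placeholder bodies (not real signatures).
def pkt(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body
SIGNED = pkt(OPS, bytes(13)) + pkt(LITERAL, b"signed text") + pkt(SIG, bytes(20))
APPENDED = SIGNED + pkt(LITERAL, b"appended text")
```

A non-empty result from `trailing_tags` means the file carries packets beyond the first message and should not be presented as a single verified document.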
**Recommendations**
For PGP Desktop versions 10.0.x through 10.0.3 SP1, update to version 10.0.3 SP2.
For PGP Desktop version 10.1.0, update to version 10.1.0 SP1.