PT-2007-1068 · Gnu+1 · Gnupg+1

Gerardo Richarte · Published 2007-03-06 · Updated 2018-10-16 · CVE-2007-1263

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: GnuPG versions 1.0.7 through 1.2.6; GnuPG versions 1.4.6 and earlier
Description: The issue may lead to a breach of confidentiality, integrity, and availability of protected information. It can be exploited remotely. The problem is related to the visual distinction of signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
Recommendations: For GnuPG versions 1.0.7 through 1.2.6, update to a version later than 1.2.6 to resolve the issue. For GnuPG versions 1.4.6 and earlier, update to a version later than 1.4.6 to resolve the issue. As a temporary workaround, consider visually verifying the authenticity of OpenPGP messages to minimize the risk of exploitation.


Related identifiers

BDU:2015-07238
BDU:2015-07239
BDU:2015-07240
CVE-2007-1263
DSA-1266-1
RHSA-2007:0106
RHSA-2007:0107
RHSA-2007_0106
RHSA-2007_0107

Affected products

Gnupg
Red Hat