CVE-2010-3618

Name of the Vulnerable Software and Affected Versions PGP Desktop versions 10.0.x through 10.0.3 SP1 PGP Desktop version 10.1.0

Description The issue is related to the improper implementation of the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages. This allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, which is referred to as a "piggy-back" or "unsigned data injection" issue.

Recommendations For PGP Desktop versions 10.0.x through 10.0.3 SP1, update to version 10.0.3 SP2. For PGP Desktop version 10.1.0, update to version 10.1.0 SP1.