CVE-2017-9046

Name of the Vulnerable Software and Affected Versions Pegasus Mail version 4.72 build 572

Description The issue allows code execution via a crafted ssgp.dll file that must be installed locally. For instance, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a "mailto:" link on a remote web page can trigger the attack.

Recommendations For Pegasus Mail version 4.72 build 572, consider restricting access to the ssgp.dll file to minimize the risk of exploitation. As a temporary workaround, avoid clicking on "mailto:" links from untrusted sources until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.