CVE-2007-0603

Name of the Vulnerable Software and Affected Versions PGP Desktop versions prior to 9.5.1

Description The issue concerns the lack of validation for data objects received over specific named pipes, allowing remote authenticated users to gain privileges. This is achieved by sending a data object that represents an absolute pointer, leading to code execution at the corresponding address. The affected named pipes are related to PGPServ.exe and PGPsdkServ.exe.

Recommendations For versions prior to 9.5.1, update to version 9.5.1 or later to resolve the issue.