CVE-2008-5731

Name of the Vulnerable Software and Affected Versions PGP Desktop versions 9.0.6 build 6060 through 9.9.0 build 397

Description The issue allows local users to cause a denial of service, potentially leading to a system crash, and may also allow them to gain privileges. This is achieved through a certain METHOD BUFFERED IOCTL request that overwrites portions of memory, related to a "Driver Collapse."

Recommendations For PGP Desktop version 9.0.6 build 6060, update to a version that fixes the issue. For PGP Desktop version 9.9.0 build 397, update to a version that fixes the issue. As a temporary workaround, consider restricting access to the PGPwded device driver to minimize the risk of exploitation.